Show SSH login user

Post Reply
eugene

Show SSH login user

Post by eugene »

OS6450's SSH logs don't show which user is logged in.

Code: Select all

THU OCT 24 16:18:31 2019 SSH info Session 46 New SSH Connection from 10.1.1.1 port 55522
OS6900's SSH logs does show the username.

Code: Select all

2019 Oct 24 15:39:18.861 stack sshd[9864] Received publickey for eugene from 10.1.1.1 port 56426 ssh2
Does anyone have a clue how to make OS6450 emit the username? I tried these methods to no avail:
1. Enable "aaa switch-access mode enhanced"
2. Enabling "debug" mode on the logging mechanism on certain apps

On debug logs in (2), is there a way to enable debug mode for ALL applications? I found a unwritten command "swlog console level" to set the log level for the console but can't find a similar one for all apps.

Code: Select all

-> show swlog
Operational Status                    : On,
Log Device 1                          : flash,
Log Device 2                          : console,
Syslog FacilityID                     : local0(16),
Remote command-log                    : Disabled,
Console Display Level                 : debug1 (7),
All Applications Not Shown Level      : info (6)


Thanks in advance!
Top
eugene

Re: Show SSH login user

Post by eugene »

"swlog appid ssh level debug1" turns on debug1 mode for SSH but it generates over 300 lines per login just for the following line. Too verbose!.

Code: Select all

TUE OCT 29 11:22:03 2019            SSH  debug1 [SSH 32] userauth-request for user eugene service ssh-connection method publicke
TUE OCT 29 11:22:03 2019            SSH  debug1 [Count.]y
Any tips on how to get the username without needing this level of verbosity?

On a separate note, it seems that there are many "secret CLI commands" that are not listed in the CLI Reference Guide.
Top
silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 2087
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Show SSH login user

Post by silvio »

use for this the command-log feature.
regards
Silvio
Top
eugene

Re: Show SSH login user

Post by eugene »

Thanks Silvio! Is there any way to print the userid in "show log swlog" like what the OS6900 outputs?
Top
silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 2087
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Show SSH login user

Post by silvio »

I do not know any way. I use the command-log for it.
regards
Silvio
Top
eugene

Re: Show SSH login user

Post by eugene »

My security team is ok with piecing together "show log swlog" and "show command-log" so I found my solution. Thank you again Silvio.
Top
Post Reply

Return to “OmniSwitch 6450”