• 全部
  • 經驗案例
  • 典型配置
  • 技術公告
  • FAQ
  • 漏洞說明
  • 全部
  • 全部
  • 大數據引擎
  • 知了引擎
產品線
搜索
取消
案例類型
發布者
是否解決
是否官方
時間
搜索引擎
匹配模式
高級搜索

S5130S-EI RADIUS 授權SSH登錄問題

2025-03-26提問
  • 0關注
  • 0收藏,619瀏覽
seven
seven 零段
粉絲:0人 關注:0人

問題描述:

最近想進行RADIUS授權交換機登錄,故障描述:SSH連接後,RADIUS授權登錄成功,客戶端?服務器立馬斷開連接

附上交換機主要配置

#

domain ***.***

 authentication login radius-scheme sw_admin

 authorization login radius-scheme sw_admin

 accounting login radius-scheme sw_admin

#

domain system

#

 domain default enable ***.***

#

radius scheme sw_admin

 primary authentication 192.168.40.217

 primary accounting 192.168.40.217

 accounting-on enable

 key authentication cipher $c$3$1q8L3TQCP5n/fn19+TnaZJbWU5cvC8WnoIXe

 key accounting cipher $c$3$IFRp/K31l3MyTQqUkicWNsuGY3LwDGwXNeVA

 nas-ip 192.168.40.254

#

line vty 0 63

 authentication-mode scheme

 user-role network-admin

 user-role network-operator

#

並附上SSH的DEBUG

<H3C>*Jan  2 21:48:14:916 2013 H3C SSHS/7/EVENT: Start new child 1704.

*Jan  2 21:48:14:939 2013 H3C SSHS/7/EVENT: Connection from 192.168.10.1 port 59608

*Jan  2 21:48:14:943 2013 H3C SSHS/7/EVENT: Client protocol version 2.0, client software version nsssh2_8.0.0012 NetSarang Computer, Inc.

*Jan  2 21:48:14:945 2013 H3C SSHS/7/EVENT: Enabling compatibility mode for protocol 2.0

*Jan  2 21:48:14:945 2013 H3C SSHS/7/EVENT: Local version string SSH-2.0-Comware-7.1.070

*Jan  2 21:48:14:946 2013 H3C SSHS/7/EVENT: Pki-domain-name is not configure.

*Jan  2 21:48:14:946 2013 H3C SSHS/7/EVENT: Pki-domain-name is not configure.

*Jan  2 21:48:14:950 2013 H3C SSHS/7/EVENT: Hostkey string is : ssh-rsa

*Jan  2 21:48:14:951 2013 H3C SSHS/7/MESSAGE: Prepare packet[20].

*Jan  2 21:48:14:953 2013 H3C SSHS/7/MESSAGE: Received packet type 20.

*Jan  2 21:48:14:953 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_KEXINIT.

*Jan  2 21:48:14:954 2013 H3C SSHS/7/EVENT: My proposal kex:

*Jan  2 21:48:14:954 2013 H3C SSHS/7/EVENT: Kex strings(0): ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

*Jan  2 21:48:14:954 2013 H3C SSHS/7/EVENT: Kex strings(1): ssh-rsa

*Jan  2 21:48:14:955 2013 H3C SSHS/7/EVENT: Kex strings(2): aes128-ctr,aes192-ctr,aes256-ctr,AEAD_AES_128_GCM,AEAD_AES_256_GCM,aes128-cbc,3des-cbc,aes256-cbc,des-cbc

*Jan  2 21:48:14:956 2013 H3C SSHS/7/EVENT: Kex strings(3): aes128-ctr,aes192-ctr,aes256-ctr,AEAD_AES_128_GCM,AEAD_AES_256_GCM,aes128-cbc,3des-cbc,aes256-cbc,des-cbc

*Jan  2 21:48:14:956 2013 H3C SSHS/7/EVENT: Kex strings(4): hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

*Jan  2 21:48:14:956 2013 H3C SSHS/7/EVENT: Kex strings(5): hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

*Jan  2 21:48:14:957 2013 H3C SSHS/7/EVENT: Kex strings(6): none,zlib,zlib@openssh.com

*Jan  2 21:48:14:957 2013 H3C SSHS/7/EVENT: Kex strings(7): none,zlib,zlib@openssh.com

*Jan  2 21:48:14:957 2013 H3C SSHS/7/EVENT: Kex strings(8): 

*Jan  2 21:48:14:957 2013 H3C SSHS/7/EVENT: Kex strings(9): 

*Jan  2 21:48:14:958 2013 H3C SSHS/7/EVENT: Peer proposal kex:

*Jan  2 21:48:14:958 2013 H3C SSHS/7/EVENT: Kex strings(0): curve25519-sha256@***.***,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com

*Jan  2 21:48:14:958 2013 H3C SSHS/7/EVENT: Kex strings(1): ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss

*Jan  2 21:48:14:958 2013 H3C SSHS/7/EVENT: Kex strings(2): chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,arcfour128,arcfour256

*Jan  2 21:48:14:959 2013 H3C SSHS/7/EVENT: Kex strings(3): chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,arcfour128,arcfour256

*Jan  2 21:48:14:959 2013 H3C SSHS/7/EVENT: Kex strings(4): hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,none

*Jan  2 21:48:14:959 2013 H3C SSHS/7/EVENT: Kex strings(5): hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,none

*Jan  2 21:48:14:959 2013 H3C SSHS/7/EVENT: Kex strings(6): none

*Jan  2 21:48:14:960 2013 H3C SSHS/7/EVENT: Kex strings(7): none

*Jan  2 21:48:14:960 2013 H3C SSHS/7/EVENT: Kex strings(8): 

*Jan  2 21:48:14:960 2013 H3C SSHS/7/EVENT: Kex strings(9): 

*Jan  2 21:48:14:963 2013 H3C SSHS/7/EVENT: Kex: client->server, Encrypt: aes128-ctr, HMAC: hmac-sha2-256, Compress: none

*Jan  2 21:48:14:966 2013 H3C SSHS/7/EVENT: Kex: server->client, Encrypt: aes128-ctr, HMAC: hmac-sha2-256, Compress: none

*Jan  2 21:48:15:035 2013 H3C SSHS/7/EVENT: Expecting packet type 30.

*Jan  2 21:48:15:037 2013 H3C SSHS/7/MESSAGE: Received packet type 30.

*Jan  2 21:48:15:078 2013 H3C SSHS/7/MESSAGE: Prepare packet[31].

*Jan  2 21:48:15:087 2013 H3C SSHS/7/MESSAGE: Prepare packet[21].

*Jan  2 21:48:15:087 2013 H3C SSHS/7/EVENT: Set new keys: mode=1

*Jan  2 21:48:15:088 2013 H3C SSHS/7/EVENT: Expecting packet type 21.

*Jan  2 21:48:15:098 2013 H3C SSHS/7/EVENT: Set new keys: mode=0

*Jan  2 21:48:15:098 2013 H3C SSHS/7/MESSAGE: Received packet type 21.

*Jan  2 21:48:15:099 2013 H3C SSHS/7/EVENT: KEX done.

*Jan  2 21:48:15:100 2013 H3C SSHS/7/MESSAGE: Received packet type 5.

*Jan  2 21:48:15:101 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_SERVICE_REQUEST.

*Jan  2 21:48:15:101 2013 H3C SSHS/7/MESSAGE: Prepare packet[6].

*Jan  2 21:48:17:690 2013 H3C SSHS/7/MESSAGE: Received packet type 50.

*Jan  2 21:48:17:690 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_USERAUTH_REQUEST.

*Jan  2 21:48:17:690 2013 H3C SSHS/7/EVENT: Username: it01, service: ssh-connection, method: none

*Jan  2 21:48:17:692 2013 H3C SSHS/7/EVENT: PAM: initializing for "it01", service:login, domain:

*Jan  2 21:48:18:057 2013 H3C SSHS/7/EVENT: Try authentication method none.

*Jan  2 21:48:18:057 2013 H3C SSHS/7/EVENT: Get authentication methods: password

*Jan  2 21:48:18:057 2013 H3C SSHS/7/MESSAGE: Prepare packet[51].

*Jan  2 21:48:22:993 2013 H3C SSHS/7/MESSAGE: Received packet type 50.

*Jan  2 21:48:22:993 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_USERAUTH_REQUEST.

*Jan  2 21:48:22:994 2013 H3C SSHS/7/EVENT: Username: it01, service: ssh-connection, method: password

*Jan  2 21:48:22:994 2013 H3C SSHS/7/EVENT: Try authentication method password.

*Jan  2 21:48:22:994 2013 H3C SSHS/7/EVENT: Password authentication and authorization.

*Jan  2 21:48:23:010 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Processing RADIUS authentication.

*Jan  2 21:48:23:011 2013 H3C RADIUS/7/EVENT: Processing AAA request data.

*Jan  2 21:48:23:011 2013 H3C RADIUS/7/EVENT: Got request data successfully, primitive: authentication.

*Jan  2 21:48:23:011 2013 H3C RADIUS/7/EVENT: Getting RADIUS server info.

*Jan  2 21:48:23:011 2013 H3C RADIUS/7/EVENT: Got RADIUS server info successfully.

*Jan  2 21:48:23:012 2013 H3C RADIUS/7/EVENT: Created request context successfully.

*Jan  2 21:48:23:012 2013 H3C RADIUS/7/EVENT: Created request packet successfully, dstIP: 192.168.40.217, dstPort: 1812, VPN instance: --(public), socketFd: 35, pktID: 203.

*Jan  2 21:48:23:012 2013 H3C RADIUS/7/EVENT: Added packet socketfd to epoll successfully, socketFd: 35.

*Jan  2 21:48:23:013 2013 H3C RADIUS/7/EVENT: Mapped PAM item to RADIUS attribute successfully.

*Jan  2 21:48:23:014 2013 H3C RADIUS/7/EVENT: Got RADIUS username format successfully, format: 1.

*Jan  2 21:48:23:014 2013 H3C RADIUS/7/EVENT: Added attribute user-name successfully, user-name: it01@***.***.

*Jan  2 21:48:23:014 2013 H3C RADIUS/7/EVENT: Filled RADIUS attributes in packet successfully.

*Jan  2 21:48:23:014 2013 H3C RADIUS/7/EVENT: Composed request packet successfully.

*Jan  2 21:48:23:015 2013 H3C RADIUS/7/EVENT: Created response timeout timer successfully.

*Jan  2 21:48:23:015 2013 H3C RADIUS/7/PACKET: 

    User-Name="it01@***.***"

    NAS-Identifier="H3C"

    Framed-IP-Address=192.168.10.1

    H3C-NAS-Port-Name="Vlan-interface40"

    NAS-Port-Type=Virtual

    Calling-Station-

    User-Password=******

    Acct-Session-

    Service-Type=Login-User

    NAS-IP-Address=192.168.40.254

    H3c-Product-

    H3c-Nas-Startup-Timestamp=1356998406

*Jan  2 21:48:23:016 2013 H3C RADIUS/7/EVENT: Sent request packet successfully.

*Jan  2 21:48:23:017 2013 H3C RADIUS/7/PACKET: 

 01 cb 00 c5 8d 43 92 ae 1c 7c 6d fa 44 2d 60 ab 

 c3 2d 7c 0f 01 0f 69 74 30 31 40 73 74 61 72 2e 

 63 6f 6d 20 05 48 33 43 08 06 c0 a8 0a 01 1a 18 

 00 00 63 a2 e6 12 56 6c 61 6e 2d 69 6e 74 65 72 

 66 61 63 65 34 30 3d 06 00 00 00 05 1f 0e 31 39 

 32 2e 31 36 38 2e 31 30 2e 31 02 12 ba 48 5b b9 

 1c ed 34 44 94 bc bd 8c 69 53 87 fa 2c 28 30 30 

 30 30 30 30 30 31 32 30 31 33 30 31 30 32 32 31 

 34 38 32 32 30 30 30 30 30 30 30 31 30 38 31 30 

 31 37 30 34 06 06 00 00 00 01 04 06 c0 a8 28 fe 

 1a 19 00 00 63 a2 ff 13 48 33 43 20 53 35 31 33 

 30 53 2d 32 38 50 2d 45 49 1a 0c 00 00 63 a2 3b 

 06 50 e2 27 06 

*Jan  2 21:48:23:017 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Sent authentication request successfully.

*Jan  2 21:48:23:017 2013 H3C RADIUS/7/EVENT: Sent request packet and create request context successfully.

*Jan  2 21:48:23:018 2013 H3C RADIUS/7/EVENT: Added request context to global table successfully.

*Jan  2 21:48:23:018 2013 H3C RADIUS/7/EVENT: Processing AAA request data.

*Jan  2 21:48:23:071 2013 H3C RADIUS/7/EVENT: Reply SocketFd recieved EPOLLIN event.

*Jan  2 21:48:23:071 2013 H3C RADIUS/7/EVENT: Received reply packet succuessfully.

*Jan  2 21:48:23:071 2013 H3C RADIUS/7/EVENT: Found request context, dstIP: 192.168.40.217, dstPort: 1812, VPN instance: --(public), socketFd: 35, pktID: 203.

*Jan  2 21:48:23:071 2013 H3C RADIUS/7/EVENT: The reply packet is valid.

*Jan  2 21:48:23:072 2013 H3C RADIUS/7/EVENT: Decoded reply packet successfully.

*Jan  2 21:48:23:073 2013 H3C RADIUS/7/PACKET: 

    Reply-Message="Switch enable access granted by PacketFence"

*Jan  2 21:48:23:073 2013 H3C RADIUS/7/PACKET: 

 02 cb 00 41 74 08 af d3 54 c0 3d 97 e5 fc 2f a4 

 18 1f 26 26 12 2d 53 77 69 74 63 68 20 65 6e 61 

 62 6c 65 20 61 63 63 65 73 73 20 67 72 61 6e 74 

 65 64 20 62 79 20 50 61 63 6b 65 74 46 65 6e 63 

 65 

*Jan  2 21:48:23:073 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 0

*Jan  2 21:48:23:074 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Received authentication reply message, resultCode: 0

*Jan  2 21:48:23:076 2013 H3C RADIUS/7/EVENT: Sent reply message successfully.

*Jan  2 21:48:23:077 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Processing RADIUS authorization.

*Jan  2 21:48:23:078 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: RADIUS Authorization successfully.

*Jan  2 21:48:23:078 2013 H3C SSHS/7/EVENT: PAM: Get work directory flash:.

*Jan  2 21:48:23:079 2013 H3C SSHS/7/EVENT: PAM: password authentication accepted for it01.

*Jan  2 21:48:23:079 2013 H3C SSHS/7/EVENT: PAM: accounting.

*Jan  2 21:48:23:080 2013 H3C SSHS/7/EVENT: PAM: account management : 0 (success)

%Jan  2 21:48:23:081 2013 H3C SSHS/6/SSHS_AUTH_SUCCESS: SSH user it01 from 192.168.10.1 port 59608 passed password authentication.

*Jan  2 21:48:23:081 2013 H3C SSHS/7/MESSAGE: Prepare packet[52].

*Jan  2 21:48:23:084 2013 H3C SSHS/7/EVENT: Entering interactive session for SSH2.

*Jan  2 21:48:23:084 2013 H3C SSHS/7/EVENT: Initiate server message dispatch, compatibility:1/0 

*Jan  2 21:48:23:087 2013 H3C SSHS/7/MESSAGE: Received packet type 90.

*Jan  2 21:48:23:087 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_CHANNEL_OPEN: ctype session, rchan 0, win 32768, max 16384

*Jan  2 21:48:23:088 2013 H3C SSHS/7/EVENT: Received session request.

*Jan  2 21:48:23:088 2013 H3C SSHS/7/EVENT: Channel 0: new [server-session]

*Jan  2 21:48:23:088 2013 H3C SSHS/7/EVENT: Session id 0 unused.

*Jan  2 21:48:23:089 2013 H3C SSHS/7/EVENT: Session opened: session 0, link with channel 0

*Jan  2 21:48:23:089 2013 H3C SSHS/7/MESSAGE: Prepare packet[91].

*Jan  2 21:48:23:104 2013 H3C SSHS/7/MESSAGE: Received packet type 98.

*Jan  2 21:48:23:104 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_CHANNEL_REQUEST: channel 0, request x11-req, reply 1

*Jan  2 21:48:23:104 2013 H3C SSHS/7/EVENT: Channel request: user it01, service type 1 rtype:x11-req

*Jan  2 21:48:23:104 2013 H3C SSHS/7/MESSAGE: Prepare packet[100].

*Jan  2 21:48:23:108 2013 H3C SSHS/7/MESSAGE: Received packet type 98.

*Jan  2 21:48:23:108 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_CHANNEL_REQUEST: channel 0, request pty-req, reply 0

*Jan  2 21:48:23:108 2013 H3C SSHS/7/EVENT: Channel request: user it01, service type 1 rtype:pty-req

*Jan  2 21:48:23:121 2013 H3C SSHS/7/EVENT: Open pty: pseudo-terminal-master(36), pseudo-terminal-sub(34)

*Jan  2 21:48:23:123 2013 H3C SSHS/7/MESSAGE: Received packet type 98.

*Jan  2 21:48:23:124 2013 H3C SSHS/7/EVENT: Received SSH2_MSG_CHANNEL_REQUEST: channel 0, request shell, reply 0

*Jan  2 21:48:23:124 2013 H3C SSHS/7/EVENT: Channel request: user it01, service type 1 rtype:shell

*Jan  2 21:48:23:132 2013 H3C SSHS/7/EVENT: Channel 0: read_fd 38 is a TTY.

*Jan  2 21:48:23:133 2013 H3C SSHS/7/MESSAGE: Prepare packet[93].

*Jan  2 21:48:24:133 2013 H3C SSHS/7/EVENT: PAM: opening session.

*Jan  2 21:48:24:139 2013 H3C SSHS/7/EVENT: Setup environment: user=it01, work directory=flash:

*Jan  2 21:48:24:141 2013 H3C SSHS/7/EVENT: Get default work dir: flash:, return:0

%Jan  2 21:48:24:142 2013 H3C SSHS/6/SSHS_CONNECT: SSH user it01 (IP: 192.168.10.1) connected to the server successfully.

*Jan  2 21:48:24:545 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: RADIUS accounting started.

*Jan  2 21:48:24:545 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Sent accounting-start request successfully.

*Jan  2 21:48:24:546 2013 H3C RADIUS/7/EVENT: Processing AAA request data.

*Jan  2 21:48:24:546 2013 H3C RADIUS/7/EVENT: Got request data successfully, primitive: accounting-start.

*Jan  2 21:48:24:546 2013 H3C RADIUS/7/EVENT: Getting RADIUS server info.

*Jan  2 21:48:24:547 2013 H3C RADIUS/7/EVENT: Got RADIUS server info successfully.

*Jan  2 21:48:24:547 2013 H3C RADIUS/7/EVENT: Created request context successfully.

*Jan  2 21:48:24:547 2013 H3C RADIUS/7/EVENT: Created request packet successfully, dstIP: 192.168.40.217, dstPort: 1813, VPN instance: --(public), socketFd: 48, pktID: 131.

*Jan  2 21:48:24:548 2013 H3C RADIUS/7/EVENT: Added packet socketfd to epoll successfully, socketFd: 48.

*Jan  2 21:48:24:548 2013 H3C RADIUS/7/EVENT: Mapped PAM item to RADIUS attribute successfully.

*Jan  2 21:48:24:548 2013 H3C RADIUS/7/EVENT: Got RADIUS username format successfully, format: 1.

*Jan  2 21:48:24:549 2013 H3C RADIUS/7/EVENT: Added attribute user-name successfully, user-name: it01@***.***.

*Jan  2 21:48:24:551 2013 H3C RADIUS/7/EVENT: Filled RADIUS attributes in packet successfully.

*Jan  2 21:48:24:551 2013 H3C RADIUS/7/EVENT: Composed request packet successfully.

*Jan  2 21:48:24:551 2013 H3C RADIUS/7/EVENT: Created response timeout timer successfully.

*Jan  2 21:48:24:552 2013 H3C RADIUS/7/PACKET: 

    User-Name="it01@***.***"

    NAS-Identifier="H3C"

    Framed-IP-Address=192.168.10.1

    Calling-Station-

    NAS-Port-Type=Virtual

    Acct-Session-

    NAS-IP-Address=192.168.40.254

    Acct-Status-Type=Start

    Acct-Delay-Time=0

    Event-Timestamp="Jan  2 2013 21:48:24 UTC"

    H3c-Product-

    H3c-Nas-Startup-Timestamp=1356998406

*Jan  2 21:48:24:554 2013 H3C RADIUS/7/EVENT: Sent request packet successfully.

*Jan  2 21:48:24:554 2013 H3C RADIUS/7/PACKET: 

 04 83 00 a7 4c a5 1d 33 02 07 5d 51 1d b0 dc 45 

 5a 8d 19 79 01 0f 69 74 30 31 40 73 74 61 72 2e 

 63 6f 6d 20 05 48 33 43 08 06 c0 a8 0a 01 1f 0e 

 31 39 32 2e 31 36 38 2e 31 30 2e 31 3d 06 00 00 

 00 05 2c 28 30 30 30 30 30 30 30 31 32 30 31 33 

 30 31 30 32 32 31 34 38 32 34 30 30 30 30 30 30 

 30 31 30 38 31 30 31 37 30 36 04 06 c0 a8 28 fe 

 28 06 00 00 00 01 29 06 00 00 00 00 37 06 50 e4 

 ab 28 1a 19 00 00 63 a2 ff 13 48 33 43 20 53 35 

 31 33 30 53 2d 32 38 50 2d 45 49 1a 0c 00 00 63 

 a2 3b 06 50 e2 27 06 

*Jan  2 21:48:24:555 2013 H3C RADIUS/7/EVENT: Sent request packet and create request context successfully.

*Jan  2 21:48:24:556 2013 H3C RADIUS/7/EVENT: Added request context to global table successfully.

*Jan  2 21:48:24:556 2013 H3C RADIUS/7/EVENT: Processing AAA request data.

*Jan  2 21:48:24:556 2013 H3C RADIUS/7/EVENT: Reply SocketFd recieved EPOLLIN event.

*Jan  2 21:48:24:557 2013 H3C RADIUS/7/EVENT: Received reply packet succuessfully.

*Jan  2 21:48:24:557 2013 H3C RADIUS/7/EVENT: Found request context, dstIP: 192.168.40.217, dstPort: 1813, VPN instance: --(public), socketFd: 48, pktID: 131.

*Jan  2 21:48:24:557 2013 H3C RADIUS/7/EVENT: The reply packet is valid.

*Jan  2 21:48:24:558 2013 H3C RADIUS/7/EVENT: Decoded reply packet successfully.

*Jan  2 21:48:24:558 2013 H3C RADIUS/7/PACKET: 

    Reply-Message="Accounting OK"

*Jan  2 21:48:24:558 2013 H3C RADIUS/7/PACKET: 

 05 83 00 23 2e fa 31 28 d3 5a 28 83 8f 45 96 06 

 ea 9f 13 fb 12 0f 41 63 63 6f 75 6e 74 69 6e 67 

 20 4f 4b 

*Jan  2 21:48:24:559 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Fetched accounting-start reply-data successfully, resultCode: 0

*Jan  2 21:48:24:559 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Received accounting-start reply message, resultCode: 0

*Jan  2 21:48:24:560 2013 H3C RADIUS/7/EVENT: Sent reply message successfully.

*Jan  2 21:48:24:577 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: RADIUS accounting stopped.

*Jan  2 21:48:24:577 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Sent accounting-stop request successfully.

*Jan  2 21:48:24:577 2013 H3C RADIUS/7/EVENT: Processing AAA request data.

*Jan  2 21:48:24:577 2013 H3C RADIUS/7/EVENT: Got request data successfully, primitive: accounting-stop.

*Jan  2 21:48:24:578 2013 H3C RADIUS/7/EVENT: Getting RADIUS server info.

*Jan  2 21:48:24:578 2013 H3C RADIUS/7/EVENT: Got RADIUS server info successfully.

*Jan  2 21:48:24:578 2013 H3C RADIUS/7/EVENT: Created request context successfully.

*Jan  2 21:48:24:578 2013 H3C RADIUS/7/EVENT: Created request packet successfully, dstIP: 192.168.40.217, dstPort: 1813, VPN instance: --(public), socketFd: 48, pktID: 132.

*Jan  2 21:48:24:578 2013 H3C RADIUS/7/EVENT: Added packet socketfd to epoll successfully, socketFd: 48.

*Jan  2 21:48:24:578 2013 H3C RADIUS/7/EVENT: Mapped PAM item to RADIUS attribute successfully.

*Jan  2 21:48:24:579 2013 H3C RADIUS/7/EVENT: Got RADIUS username format successfully, format: 1.

*Jan  2 21:48:24:579 2013 H3C RADIUS/7/EVENT: Added attribute user-name successfully, user-name: it01@***.***.

*Jan  2 21:48:24:580 2013 H3C RADIUS/7/EVENT: Filled RADIUS attributes in packet successfully.

*Jan  2 21:48:24:580 2013 H3C RADIUS/7/EVENT: Composed request packet successfully.

*Jan  2 21:48:24:580 2013 H3C RADIUS/7/EVENT: Created response timeout timer successfully.

*Jan  2 21:48:24:582 2013 H3C RADIUS/7/PACKET: 

    User-Name="it01@***.***"

    Framed-IP-Address=192.168.10.1

    Calling-Station-

    NAS-Port-Type=Virtual

    Acct-Session-

    NAS-Identifier="H3C"

    NAS-IP-Address=192.168.40.254

    Acct-Session-Time=0

    Acct-Status-Type=Stop

    Acct-Delay-Time=0

    Event-Timestamp="Jan  2 2013 21:48:24 UTC"

    H3c-Product-

    H3c-Nas-Startup-Timestamp=1356998406

*Jan  2 21:48:24:583 2013 H3C RADIUS/7/EVENT: Sent request packet successfully.

*Jan  2 21:48:24:584 2013 H3C RADIUS/7/PACKET: 

 04 84 00 ad 36 a0 d2 9e 1c dd 1e 4a 73 56 4b 06 

 60 18 5d 12 01 0f 69 74 30 31 40 73 74 61 72 2e 

 63 6f 6d 08 06 c0 a8 0a 01 1f 0e 31 39 32 2e 31 

 36 38 2e 31 30 2e 31 3d 06 00 00 00 05 2c 28 30 

 30 30 30 30 30 30 31 32 30 31 33 30 31 30 32 32 

 31 34 38 32 34 30 30 30 30 30 30 30 31 30 38 31 

 30 31 37 30 36 20 05 48 33 43 04 06 c0 a8 28 fe 

 2e 06 00 00 00 00 28 06 00 00 00 02 29 06 00 00 

 00 00 37 06 50 e4 ab 28 1a 19 00 00 63 a2 ff 13 

 48 33 43 20 53 35 31 33 30 53 2d 32 38 50 2d 45 

 49 1a 0c 00 00 63 a2 3b 06 50 e2 27 06 

*Jan  2 21:48:24:584 2013 H3C RADIUS/7/EVENT: Sent request packet and create request context successfully.

*Jan  2 21:48:24:585 2013 H3C RADIUS/7/EVENT: Added request context to global table successfully.

*Jan  2 21:48:24:585 2013 H3C RADIUS/7/EVENT: Processing AAA request data.

*Jan  2 21:48:24:585 2013 H3C RADIUS/7/EVENT: Reply SocketFd recieved EPOLLIN event.

*Jan  2 21:48:24:585 2013 H3C RADIUS/7/EVENT: Received reply packet succuessfully.

*Jan  2 21:48:24:586 2013 H3C RADIUS/7/EVENT: Found request context, dstIP: 192.168.40.217, dstPort: 1813, VPN instance: --(public), socketFd: 48, pktID: 132.

*Jan  2 21:48:24:586 2013 H3C RADIUS/7/EVENT: The reply packet is valid.

*Jan  2 21:48:24:587 2013 H3C RADIUS/7/EVENT: Decoded reply packet successfully.

*Jan  2 21:48:24:587 2013 H3C RADIUS/7/PACKET: 

    Reply-Message="Accounting OK"

*Jan  2 21:48:24:587 2013 H3C RADIUS/7/PACKET: 

 05 84 00 23 68 a2 fe ec 30 05 32 07 be 34 05 3c 

 b3 e7 0f 7b 12 0f 41 63 63 6f 75 6e 74 69 6e 67 

 20 4f 4b 

*Jan  2 21:48:24:588 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Fetched accounting-stop reply-data successfully, resultCode: 0

*Jan  2 21:48:24:588 2013 H3C RADIUS/7/EVENT: PAM_RADIUS: Received accounting-stop reply message, resultCode: 0

*Jan  2 21:48:24:588 2013 H3C RADIUS/7/EVENT: Sent reply message successfully.

*Jan  2 21:48:24:602 2013 H3C SSHS/7/EVENT: Channel 0: read failed

*Jan  2 21:48:24:603 2013 H3C SSHS/7/EVENT: Channel 0: input state changed (open -> drain)

*Jan  2 21:48:24:603 2013 H3C SSHS/7/EVENT: Channel 0: send EOF

*Jan  2 21:48:24:603 2013 H3C SSHS/7/MESSAGE: Prepare packet[96].

*Jan  2 21:48:24:605 2013 H3C SSHS/7/EVENT: Channel 0: input state changed (drain -> closed)

*Jan  2 21:48:24:609 2013 H3C SSHS/7/MESSAGE: Received packet type 96.

*Jan  2 21:48:24:614 2013 H3C SSHS/7/EVENT: Channel 0: received EOF

*Jan  2 21:48:24:614 2013 H3C SSHS/7/EVENT: Channel 0: output state changed (open -> drain)

*Jan  2 21:48:24:614 2013 H3C SSHS/7/EVENT: Channel 0: output state changed (drain -> closed)

*Jan  2 21:48:24:615 2013 H3C SSHS/7/EVENT: Received SIGCHLD.

*Jan  2 21:48:24:615 2013 H3C SSHS/7/EVENT: Channel 0: request exit-status confirm 0

*Jan  2 21:48:24:615 2013 H3C SSHS/7/MESSAGE: Prepare packet[98].

*Jan  2 21:48:24:618 2013 H3C SSHS/7/EVENT: Release channel 0

*Jan  2 21:48:24:618 2013 H3C SSHS/7/EVENT: Close pty: pseudo-terminal-master(-1), pseudo-terminal-sub(34)

*Jan  2 21:48:24:619 2013 H3C SSHS/7/EVENT: Channel 0: send SSH2_MSG_CHANNEL_CLOSE

*Jan  2 21:48:24:620 2013 H3C SSHS/7/MESSAGE: Prepare packet[97].

*Jan  2 21:48:24:631 2013 H3C SSHS/7/MESSAGE: Received packet type 97.

*Jan  2 21:48:24:632 2013 H3C SSHS/7/EVENT: Channel 0: received SSH2_MSG_CHANNEL_CLOSE

*Jan  2 21:48:24:632 2013 H3C SSHS/7/EVENT: Close session: session 0, pid 0

*Jan  2 21:48:24:632 2013 H3C SSHS/7/EVENT: Close pty: pseudo-terminal-master(-1), pseudo-terminal-sub(-1)

*Jan  2 21:48:24:633 2013 H3C SSHS/7/EVENT: Session id 0 unused.

*Jan  2 21:48:24:633 2013 H3C SSHS/7/EVENT: Channel 0: garbage collecting

*Jan  2 21:48:24:633 2013 H3C SSHS/7/EVENT: Connection closed by 192.168.10.1

*Jan  2 21:48:24:634 2013 H3C SSHS/7/EVENT: PAM: cleanup

*Jan  2 21:48:24:648 2013 H3C SSHS/7/EVENT: Transferred: sent 1256 bytes, received 2664 bytes

%Jan  2 21:48:24:648 2013 H3C SSHS/6/SSHS_LOG: User it01 logged out from 192.168.10.1 port 59608.

%Jan  2 21:48:24:648 2013 H3C SSHS/6/SSHS_DISCONNECT: SSH user it01 (IP: 192.168.10.1) disconnected from the server.

 

 

最佳答案

無名之輩
無名之輩 九段
粉絲:109人 關注:0人

您好,根據上述分析,建議您首先檢查RADIUS服務器是否正確下發了用戶角色權限,並在交換機上配置默認用戶角色。同時,使用調試命令查看RADIUS服務器返回的屬性值,確認是否存在不匹配的Login-Service屬性或計費相關問題。通過這些步驟,應該能夠定位並解決SSH連接後立即斷開的問題。

暫無評論

1 個回答
按時間 按讚數
zhl188
zhl188 六段
粉絲:1人 關注:3人

加上它看看

域名沒有和radius關聯

暫無評論

編輯答案

你正在編輯答案

如果你要對問題或其他回答進行點評或詢問,請使用評論功能。

分享擴散:

提出建議

    +
網站相關
關於我們
服務條款
隱私政策
幫助中心
經驗與權限
積分規則
聯係我們
聯係我們
建議反饋
常用鏈接
標杆的神器下載
關注我們
H3C官網
BOB登陆 服務公眾號
安仔遠程運維服務
BOB登陆 商城
內容許可
除特別說明外,用戶內容均可采用知識共享署名-相同方式共享3.0中國大陸許可協議進行許可

Copyright©2025BOB登陆 集團保留一切權利 當前呈現版本 NO.1

本圖標版權歸BOB登陆 集團所有,僅限本社區使用,切勿用做商業目的,違者必究

浙ICP備09064986號-1   浙公網安備 33010802004416號

親~登錄後才可以操作哦!

確定

親~檢測到您登陸的賬號未在http://hclhub.h3c.com進行注冊

注冊後可訪問此模塊

跳轉hclhub

你的郵箱還未認證,請認證郵箱或綁定手機後進行當前操作

舉報

×

侵犯我的權益 >
對根叔社區有害的內容 >
辱罵、歧視、挑釁等(不友善)

侵犯我的權益

×

泄露了我的隱私 >
侵犯了我企業的權益 >
抄襲了我的內容 >
誹謗我 >
辱罵、歧視、挑釁等(不友善)
騷擾我

泄露了我的隱私

×

您好,當您發現根叔知了上有泄漏您隱私的內容時,您可以向根叔知了進行舉報。 請您把以下內容通過郵件發送到pub.zhiliao@h3c.com 郵箱,我們會盡快處理。
  • 1. 您認為哪些內容泄露了您的隱私?(請在郵件中列出您舉報的內容、鏈接地址,並給出簡短的說明)
  • 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)

侵犯了我企業的權益

×

您好,當您發現根叔知了上有關於您企業的造謠與誹謗、商業侵權等內容時,您可以向根叔知了進行舉報。 請您把以下內容通過郵件發送到 pub.zhiliao@h3c.com 郵箱,我們會在審核後盡快給您答複。
  • 1. 您舉報的內容是什麼?(請在郵件中列出您舉報的內容和鏈接地址)
  • 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)
  • 3. 是哪家企業?(營業執照,單位登記證明等證件)
  • 4. 您與該企業的關係是?(您是企業法人或被授權人,需提供企業委托授權書)
我們認為知名企業應該坦然接受公眾討論,對於答案中不準確的部分,我們歡迎您以正式或非正式身份在根叔知了上進行澄清。

抄襲了我的內容

×

原文鏈接或出處

誹謗我

×

您好,當您發現根叔知了上有誹謗您的內容時,您可以向根叔知了進行舉報。 請您把以下內容通過郵件發送到pub.zhiliao@h3c.com 郵箱,我們會盡快處理。
  • 1. 您舉報的內容以及侵犯了您什麼權益?(請在郵件中列出您舉報的內容、鏈接地址,並給出簡短的說明)
  • 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)
我們認為知名企業應該坦然接受公眾討論,對於答案中不準確的部分,我們歡迎您以正式或非正式身份在根叔知了上進行澄清。

對根叔社區有害的內容

×

垃圾廣告信息
色情、暴力、血腥等違反法律法規的內容
政治敏感
不規範轉載 >
辱罵、歧視、挑釁等(不友善)
騷擾我
誘導投票

不規範轉載

×

舉報說明