这里给出我的日志文件配置，遵循以下原则：

1、通过浏览文件名可以获得该日志内容的主要信息
2、文件名唯一
3、每个session的日志独立

由此将Logfilename配置为：%H_%Y%M%D_%h%m_%s%t.log

其中：
%H-主机名或主机IP地址
%Y-四位年份
%M-2位月份
%D-2位日期
%h-2位小时数
%m-2位分钟数
%s-2位秒数
%t-2位毫秒数

最后，在logfile的option中，选中“Start log upon connect” 和 “Append to file”。

自此，所有在SecureCRT中显示过的信息都会如实记录在日志文件中。

No related posts.

修改 /etc/ssh/sshd_config，设置 UseDNS no

重启sshd

No related posts.

skywalker@skywalker-ubuntu:/usr$ ssh username@Firewall's IP
No valid ciphers for protocol version 2 given, using defaults.
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

临时解决方法

用ssh -v -1 -c des参数连接

skywalker@skywalker-ubuntu:/usr$ ssh -v -1 -c des username＠Firewall's IP
OpenSSH_4.6p1 Debian-5ubuntu0.1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 211.100.62.34 [211.100.62.34] port 22.
debug1: Connection established.
debug1: identity file /home/skywalker/.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_4.6p1 Debian-5ubuntu0.1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (512 bits).
debug1: Host '211.100.62.34' is known and matches the RSA1 host key.
debug1: Found key in /home/skywalker/.ssh/known_hosts:6
debug1: Encryption type: des
debug1: Sent encrypted session key.
Warning: use of DES is strongly discouraged due to cryptographic weaknesses
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
pix@211.100.62.34's password:

永久解决方法

如果你不想每次都带着一大串参数SSH，就需要重新生成一个合适的key，步骤如下：

1. 登录到PIX，可以用上面的方法ssh
2. >enable
3. configure terminal
4. crypto key zeroize rsa 清除现存RSA KEY
5. crypto key generate rsa modulus 1024 noconfirm 生成新的RSA KEY

如果你在刚才使用上面的方式SSH登录，那么现在你的机器中储存的KEY将与PIX不符，SSH将会提示这样的错误：

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx.xx.xx.xx
Please contact your system administrator.
Add correct host key in /home/skywalker/.ssh/known_hosts to get rid of this message.
Offending key in /home/skywalker/.ssh/known_hosts:5
RSA host key for Firewall’s IP has changed and you have requested strict checking.
Host key verification failed.

你必须首先在/.ssh/known_hosts中清除对应PIX的失效KEY ，如果不知道哪个KEY是PIX的，将known_hosts全部清除也没有关系，只是在第一次登录其他机器的时候，需要确认一次(yes/no)。

清除掉失效KEY后，ssh就可以正常登录PIX了

Related posts:

1. ubuntu7.10升级至8.04后fat分区不能访问的解决方法
2. 打包安装oracle
3. 如何保持Linux服务器间的文件同步