04-05-2004 09:22 AM - edited 02-20-2020 11:19 PM
Looks like an IDS sensor will lose communication with PIX firewall(s) if the primary fails over to the secondary in the redundant pair (if SSH is used as the transport method, the public key will be different for the same IP). Unfortunately, I don't think there is an event/alert from the IDS about the problem.
Is there any way to prevent/recognize it? Is there any way to share SSH keys in a redundant PIX setup?
04-06-2004 01:41 PM
You have correctly diagnosed the problem and as far as I am aware there is no known fix.
04-07-2004 08:20 AM
Hi,
The reason for the 'communication breakdown' is the (SSH) host key checking in the Red Hat OS of the sensor.
Here's a 'dirty' trick that works for me.
Log in to the sensor with the service account and type the following commands:
su
type in the password of the service account again
cd /etc/ssh/
edit the ssh_config file
uncomment the following line:
StrictHostKeyChecking no (that means delete the # in front)
save the ssh_config file
Now you have disabled the strict check. Unfortunately this is a global option!
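The following is an added example, written for this thread and not taken from any poster here or from Cisco. It goes one step beyond the post above: instead of switching StrictHostKeyChecking off for every host, it pins both failover units' host keys to the shared firewall address in a dedicated known_hosts file, confines that file to the firewall's Host block in ssh_config, and includes a small audit function that tells a global "StrictHostKeyChecking no" apart from a per-host one. It assumes OpenSSH ssh_config and known_hosts semantics (Host blocks; the first value obtained for an option wins; any matching known_hosts entry for a host is accepted). The address 192.0.2.10 and the two key strings are constructed placeholders, not real PIX keys.

```shell
#!/bin/sh
# Added example, not from this thread or from Cisco. Assumes OpenSSH ssh_config and
# known_hosts semantics (Host blocks; the first value obtained for an option wins).
# The address and the two key strings are constructed placeholders, not real PIX keys.

FW_IP="192.0.2.10"   # constructed: the shared address of the PIX failover pair
# Constructed placeholder host keys for the primary and secondary units. On a real
# sensor you would capture each unit's key while that unit is active (for example
# with ssh-keyscan) and put the two real lines here instead.
PRIMARY_KEY="ssh-rsa AAAAB3PLACEHOLDER-PRIMARY-UNIT-KEY= pix-primary"
SECONDARY_KEY="ssh-rsa AAAAB3PLACEHOLDER-SECONDARY-UNIT-KEY= pix-secondary"

WORK=$(mktemp -d)

# Pin BOTH units' keys to the one shared address. OpenSSH accepts a host key when any
# known_hosts entry for that host matches, so a failover no longer reads as a changed
# key, while a third, unknown key (a different device at that address) is still rejected.
write_pinned_known_hosts() {
  printf '%s %s\n' "$FW_IP" "$PRIMARY_KEY" > "$1"
  printf '%s %s\n' "$FW_IP" "$SECONDARY_KEY" >> "$1"
}

# Count the (unhashed) known_hosts entries whose name list contains the given host.
count_entries_for_host() {
  awk -v h="$2" '
    $1 !~ /^#/ { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) c++ }
    END { print c + 0 }' "$1"
}

# Keep strict checking everywhere; only the firewall address uses the pinned file.
# The Host block must come before the catch-all block, because ssh keeps the first
# value it obtains for each option.
write_scoped_ssh_config() {
  cat > "$1" <<EOF
Host $FW_IP
    UserKnownHostsFile $2
    StrictHostKeyChecking yes

Host *
    StrictHostKeyChecking ask
EOF
}

# A constructed copy of the thread's workaround: the option uncommented at top level.
write_global_trick_config() {
  printf '%s\n' '# constructed: StrictHostKeyChecking no uncommented in /etc/ssh/ssh_config' \
    'StrictHostKeyChecking no' > "$1"
}

# Audit an ssh_config: prints "global" when StrictHostKeyChecking no applies to every
# host (top level, "Host *" or "Match all"), "scoped" when it is confined to a specific
# Host/Match block, and "none" when it is not disabled at all.
audit_strict_checking() {
  awk '
    { line = $0; sub(/#.*/, "", line); sub(/^[ \t]+/, "", line) }
    tolower(line) ~ /^(host|match)[ \t]/ {
      n = split(line, f, "[ \t]+"); in_block = 1; block_global = 0
      for (i = 2; i <= n; i++) if (f[i] == "*" || tolower(f[i]) == "all") block_global = 1
      next
    }
    tolower(line) ~ /^stricthostkeychecking[ \t=]+no[ \t]*$/ {
      if (in_block && !block_global) scoped = 1; else global = 1
    }
    END { if (global) print "global"; else if (scoped) print "scoped"; else print "none" }
  ' "$1"
}

PINNED="$WORK/known_hosts.pix"
write_pinned_known_hosts "$PINNED"
write_scoped_ssh_config "$WORK/ssh_config.scoped" "$PINNED"
write_global_trick_config "$WORK/ssh_config.trick"

echo "keys pinned for $FW_IP: $(count_entries_for_host "$PINNED" "$FW_IP")"   # 2
echo "scoped config: $(audit_strict_checking "$WORK/ssh_config.scoped")"      # none
echo "thread's trick: $(audit_strict_checking "$WORK/ssh_config.trick")"      # global
```

With both real keys pinned, a failover is accepted because one of the two entries matches, and StrictHostKeyChecking yes in the firewall's Host block makes an unattended sensor fail closed on any other key rather than prompt or silently continue. The audit function is the check to run on /etc/ssh/ssh_config after the workaround above has been applied, to confirm the relaxation is not still global.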
08-10-2004 07:27 AM
This may be a good temporary solution, but I am not tremendously happy with this as a long term approach. It tends to defeat the benefits of using SSH for communications.
Any idea as to whether a better solution is available or in development?
Regards,
Chad Giulini
08-10-2004 09:58 AM
There is a DDTS Issue created for this:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb36035
I am not sure what release it will be addressed in.