PIX redundant pair(s) and shuning from IDS

DSmirnov
Level 1

Looks like an IDS sensor will lose communication with the PIX firewall(s) if the primary fails over to the secondary in the redundant pair (if SSH is used as the transport method, the public key will be different for the same IP). Unfortunately I don't think there is an event/alert from the IDS about the problem.

Is there any way to prevent/recognize it? Is there any way to share SSH keys in a redundant PIX setup?

4 Replies

astuckey
Level 1

You have correctly diagnosed the problem and as far as I am aware there is no known fix.

rkrist
Level 1

hi,

the reason for the 'communication breakdown' is the (SSH) host key checking in the Red Hat OS of the sensor.

here's a 'dirty' trick that works for me.

log in to the sensor with the service account and type the following commands:

su

type in the password of the service account again

cd /etc/ssh/

edit the ssh_config file

uncomment the following line:

StrictHostKeyChecking no (that means delete the # in front)

save the ssh_config file

Now you have disabled the strict check. Unfortunately this is a global option!
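The global setting above turns off the sensor's host key verification for every SSH destination. An alternative that keeps StrictHostKeyChecking on is to record the host keys of both PIX units under the shared failover address in the sensor's known_hosts file: OpenSSH accepts a host if any listed key for that name matches, and only reports a changed key when every same-type entry mismatches. The script below is an added example, not code from this thread or from Cisco; the address and key blobs are constructed placeholders, and it assumes the SSHv2 known_hosts line layout with unhashed host names (SSHv1 RSA1 entries use a different format).

```python
"""Pin both units' SSH host keys for one shared (failover) address.

Constructed example: the key material is filler, the address is a
placeholder, and the matcher emulates OpenSSH's known_hosts decision so
the effect can be checked offline.
"""
import base64
from typing import Dict, List, Tuple

# Hypothetical shared IP of the PIX pair and constructed key blobs.
PIX_ADDR = "192.0.2.1"
PRIMARY_KEY = ("ssh-rsa", base64.b64encode(b"constructed-primary-key-bytes").decode())
SECONDARY_KEY = ("ssh-rsa", base64.b64encode(b"constructed-secondary-key-bytes").decode())
UNKNOWN_KEY = ("ssh-rsa", base64.b64encode(b"constructed-unknown-key-bytes").decode())

HOST_NEW, HOST_OK, HOST_CHANGED = "new", "ok", "changed"


def known_hosts_lines(host: str, keys: List[Tuple[str, str]]) -> List[str]:
    """One known_hosts line per unit, all bound to the same address."""
    return [f"{host} {ktype} {blob}" for ktype, blob in keys]


def parse_known_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Minimal parser for 'host[,host...] keytype base64 [comment]' lines."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        for host in fields[0].split(","):  # one line may name several hosts
            entries.setdefault(host, []).append((fields[1], fields[2]))
    return entries


def check_host_key(entries: Dict[str, List[Tuple[str, str]]],
                   host: str, presented: Tuple[str, str]) -> str:
    """Emulate OpenSSH: any matching entry -> OK; only same-type mismatches
    -> CHANGED (the failover symptom); no entry for the host -> NEW."""
    result = HOST_NEW
    for ktype, blob in entries.get(host, []):
        if (ktype, blob) == presented:
            return HOST_OK
        if ktype == presented[0]:
            result = HOST_CHANGED
    return result


def outcome_after_failover(pinned: List[Tuple[str, str]]) -> Dict[str, str]:
    """What strict checking decides for each unit's key, given what is pinned."""
    entries = parse_known_hosts("\n".join(known_hosts_lines(PIX_ADDR, pinned)))
    return {
        "primary": check_host_key(entries, PIX_ADDR, PRIMARY_KEY),
        "secondary": check_host_key(entries, PIX_ADDR, SECONDARY_KEY),
        "unknown": check_host_key(entries, PIX_ADDR, UNKNOWN_KEY),
    }


if __name__ == "__main__":
    print("only primary pinned:", outcome_after_failover([PRIMARY_KEY]))
    print("both units pinned:  ", outcome_after_failover([PRIMARY_KEY, SECONDARY_KEY]))
```

With only the primary's key recorded, the secondary is reported as a changed key after failover, which is the silent breakdown described in this thread; with both keys recorded, either unit is accepted while an unrelated key is still rejected. On a real sensor the two entries would be built from each unit's actual host key, collected from the units themselves rather than over the network on first contact. If the check must be relaxed at all, OpenSSH also lets `StrictHostKeyChecking` be set inside a `Host` stanza of ssh_config so that it applies to that address only rather than globally.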

This may be a good temporary solution, but I am not tremendously happy with this as a long term approach. It tends to defeat the benefits of using SSH for communications.

Any idea as to whether a better solution is available or in development?

Regards,

Chad Giulini

There is a DDTS Issue created for this:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb36035

I am not sure what release it will be addressed in.
