04-05-2004 09:22 AM - edited 02-20-2020 11:19 PM
Looks like an IDS sensor will lose communication with PIX firewall(s) if the primary fails over to the secondary in the redundant pair (if SSH is used as the transport method, the public key will be different for the same IP). Unfortunately I don't think there is an event/alert from the IDS about the problem.
Is there any way to prevent/recognize it? Is there any way to share SSH keys in a redundant PIX setup?
04-06-2004 01:41 PM
You have correctly diagnosed the problem and as far as I am aware there is no known fix.
04-07-2004 08:20 AM
hi,
the reason for the 'communication breakdown' is the (ssh-)hostkey-checking in the redhat-os of the sensor.
here's a 'dirty' trick that works for me.
login to the sensor with the service account and type the following commands:
su
type in the password of the service account again
cd /etc/ssh/
edit the ssh_config - file
uncomment the following line:
StrictHostKeyChecking no (that means delete the # in front)
save the ssh_config - file
now you have disabled the strict check. unfortunately this is a global option!
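Rather than turning the check off globally, the failover symptom can be avoided by listing both units' host keys under the shared PIX address in known_hosts, so strict checking stays on. The following added example (not code from the thread or from the sensor) is a small model of the host-key lookup an SSH client performs; it assumes, as current OpenSSH does, that several keys may be recorded for one host, and all key blobs and addresses are constructed placeholders.

```python
# Added example: a minimal model of how an SSH client matches a presented host key
# against known_hosts. Hypothetical helper, not the sensor's or OpenSSH's code.
# Shows that listing BOTH failover units' keys under the shared PIX address keeps
# strict checking on, while a key that belongs to neither unit is still rejected.

FOUND, CHANGED, UNKNOWN = "found", "changed", "unknown"

def parse_known_hosts(text):
    """Return a list of (hostnames, keytype, keydata) from known_hosts lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, keytype, keydata = parts[0].split(","), parts[1], parts[2]
        entries.append((hosts, keytype, keydata))
    return entries

def check_host_key(known_hosts, host, keytype, keydata):
    """Any matching entry for host -> FOUND; host present but no entry matches
    -> CHANGED (the failover symptom from the thread); host absent -> UNKNOWN."""
    seen = False
    for hosts, ktype, kdata in parse_known_hosts(known_hosts):
        if host not in hosts:
            continue
        seen = True
        if ktype == keytype and kdata == keydata:
            return FOUND
    return CHANGED if seen else UNKNOWN

# Constructed sample: the shared PIX address with the primary's and secondary's
# keys. The key blobs are placeholders, not real keys.
PIX_ADDR = "192.0.2.1"
PRIMARY_KEY = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC_PRIMARY_PLACEHOLDER"
SECONDARY_KEY = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC_SECONDARY_PLACEHOLDER"
KNOWN_HOSTS = f"""# both members of the redundant pair under the shared address
{PIX_ADDR} ssh-rsa {PRIMARY_KEY}
{PIX_ADDR} ssh-rsa {SECONDARY_KEY}
"""

if __name__ == "__main__":
    # after failover the secondary's key is presented: still accepted
    print(check_host_key(KNOWN_HOSTS, PIX_ADDR, "ssh-rsa", SECONDARY_KEY))
    # a key from neither unit is still flagged as a change
    print(check_host_key(KNOWN_HOSTS, PIX_ADDR, "ssh-rsa", "AAAA_NOT_A_PEER"))
```

With only the primary's key recorded, the same lookup returns "changed" as soon as the secondary answers, which is exactly the loss of communication described above.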
08-10-2004 07:27 AM
This may be a good temporary solution, but I am not tremendously happy with this as a long term approach. It tends to defeat the benefits of using SSH for communications.
Any idea as to whether a better solution is available or in development?
Regards,
Chad Giulini
08-10-2004 09:58 AM
There is a DDTS Issue created for this:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb36035
I am not sure what release it will be addressed in.