Cisco Security Appliance System Log Messages Guide
OL-12171-03
Chapter 1 Syslog Messages
Messages 302003 to 339001
315011
Error Message %PIX|ASA-6-315011: SSH session from IP_address on interface interface_name for user user disconnected by SSH server, reason: reason
Explanation This message appears after an SSH session completes. If a user enters quit or exit, the
terminated normally message displays. If the session disconnected for another reason, the text
describes the reason. Table 1-4 lists the possible reasons why a session disconnected.
Table 1-4 SSH Disconnect Reasons

| Text String | Explanation | Action |
|---|---|---|
| Bad checkbytes | A mismatch was detected in the check bytes during an SSH key exchange. | Restart the SSH session. |
| CRC check failed | The CRC value computed for a particular packet does not match the CRC value embedded in the packet; the packet is bad. | None required. If this message persists, call Cisco TAC. |
| Decryption failure | Decryption of an SSH session key failed during an SSH key exchange. | Check the RSA host key and try again. |
| Format error | A non-protocol version message was received during an SSH version exchange. | Check the SSH client, to ensure it is a supported version. |
| Internal error | This message indicates either an error internal to SSH on the security appliance or an RSA key may not have been entered on the security appliance or cannot be retrieved. | From the security appliance console, enter the show crypto key mypubkey rsa command to verify that the RSA host key is present. If the host key is not present, enter the show version command to verify that DES or 3DES is allowed. If an RSA host key is present, restart the SSH session. To generate the RSA host key, enter the crypto key mypubkey rsa command. |
| Invalid cipher type | The SSH client requested an unsupported cipher. | Enter the show version command to determine what features your license supports, then reconfigure the SSH client to use the supported cipher. |
| Invalid message length | The length of SSH message arriving at the security appliance exceeds 262,144 bytes or is shorter than 4096 bytes. The data may be corrupted. | None required. |
| Invalid message type | The security appliance received a non-SSH message, or an unsupported or unwanted SSH message. | Check whether the peer is an SSH client. If it is a client supporting SSHv1, and this message persists, from the security appliance serial console enter the debug ssh command and capture the debug messages. Contact the Cisco TAC. |
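For log triage, the following added example (not part of the Cisco guide) parses 315011 messages using the template above and separates normal logouts from the Table 1-4 disconnect reasons, then counts abnormal disconnects per source address. The function names, the threshold of 3, the tolerance for quoted user and reason fields, and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Reason strings from the rows of Table 1-4 shown on this page (lower-cased).
TABLE_1_4_REASONS = {
    "bad checkbytes", "crc check failed", "decryption failure", "format error",
    "internal error", "invalid cipher type", "invalid message length",
    "invalid message type",
}
NORMAL = "terminated normally"

# Built from the 315011 message template. Accepting optional double quotes
# around the user and reason fields is an assumption; the template shows none.
MSG_315011 = re.compile(
    r'%(?:PIX|ASA)-6-315011: SSH session from (?P<src>\S+) on interface '
    r'(?P<ifc>\S+) for user "?(?P<user>[^"]*?)"? disconnected by SSH server, '
    r'reason: "?(?P<reason>[^"]+?)"?\s*$'
)

def parse_315011(line):
    """Return the fields of a 315011 message plus a verdict, or None for other lines."""
    m = MSG_315011.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    reason = rec["reason"].strip().lower()
    # "unlisted" covers reasons outside the part of Table 1-4 shown here.
    rec["verdict"] = ("normal" if reason == NORMAL else
                      "abnormal" if reason in TABLE_1_4_REASONS else "unlisted")
    return rec

def abnormal_by_source(lines, threshold=3):
    """Map source IP -> count of non-normal disconnects, for counts >= threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_315011(line)
        if rec and rec["verdict"] != "normal":
            counts[rec["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

# Constructed sample input (documentation address ranges, not real traffic).
_T = ("%ASA-6-315011: SSH session from {} on interface {} for user {} "
      "disconnected by SSH server, reason: {}")
SAMPLE = [
    _T.format("192.0.2.10", "inside", "admin", "terminated normally"),
    _T.format("198.51.100.7", "outside", "admin", "Format error"),
    _T.format("198.51.100.7", "outside", "admin", "Invalid cipher type"),
    _T.format("198.51.100.7", "outside", "admin", "Invalid message type"),
    "unrelated syslog line",
]
```

Repeated Format error, Invalid cipher type, or Invalid message type disconnects from one source usually mean a non-SSH or unsupported client is hitting the SSH listener, which is worth correlating with the interface the sessions arrived on.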