The customer needs to upgrade to code that contains the fix for defect DEFECT000560834, or apply the workaround to empty the last_login file for recovery. The defect is fixed in 5.02a1 code, which resolves the issue.
The recovery workaround to empty the last_login file and recover telnet/ssh is as follows:
Per defect 560834, the last_login file usually grows due to a DoS attack with failed ssh login attempts.
Recovery Workaround to empty the file:
cp /dev/null /etc/fabos/last_login
cat /dev/null > /etc/fabos/last_login
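An added example (not part of the original article or any vendor code): a size-guarded form of the workaround for a root shell, which empties the file in place only when it has grown past a threshold. The function names and the 1 MiB default are assumptions; only the path /etc/fabos/last_login comes from the article.

```shell
#!/bin/sh
# Added example, not vendor code. Assumed names: file_size, trim_last_login,
# LAST_LOGIN, MAX_BYTES. Only the file path is taken from the article.

LAST_LOGIN="${LAST_LOGIN:-/etc/fabos/last_login}"
MAX_BYTES="${MAX_BYTES:-1048576}"   # assumed threshold: 1 MiB

# Print the size of a file in bytes, or 0 if it does not exist.
file_size() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# Empty the file only when it is larger than the limit.
# Returns 0 if truncated, 1 if left alone, 2 if the file is missing.
trim_last_login() {
    file="${1:-$LAST_LOGIN}"
    limit="${2:-$MAX_BYTES}"
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    size=$(file_size "$file")
    if [ "$size" -gt "$limit" ]; then
        echo "truncating $file ($size bytes > $limit)"
        # Same effect as 'cat /dev/null > file': the file is emptied in
        # place, so its inode, owner and mode are unchanged.
        : > "$file"
        return 0
    fi
    echo "leaving $file ($size bytes <= $limit)"
    return 1
}

# Usage from a root shell after sourcing this file:
#   trim_last_login                       # default path and threshold
#   trim_last_login /etc/fabos/last_login 65536
```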
In such a situation, telnet/ssh can be shut down. However, if you would like to selectively shut down telnet/ssh in default-vrf and keep it enabled in mgmt-vrf, we have built the script restrict_ssh for that purpose.
Installing the script:
- Using FTP, copy the script to your flash default directory
- Log in as root; the flash default directory is /var/config/vcs/scripts/
- Move this script to the /scripts directory
Executing the script:
sw0# execute-script restrict_ssh -a 10.18.245.160 >>>> CLI to add IP address to permit for ssh
sw0# execute-script restrict_ssh -s >>>> CLI to show IP address configured
sw0# execute-script restrict_ssh -d 10.18.245.160 >>>> CLI to del IP address configured
sw0# execute-script restrict_ssh h >>>> CLI to display help content on how to use the script