<hfslc-ywm-S6805-54HF-leaf22>*Jul 1 16:13:18:257 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jul 1 16:13:18:257 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Session successfully created.
*Jul 1 16:13:18:257 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=10.120.33.34, server-port=49, VPN instance=MGMT.
*Jul 1 16:13:18:258 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Connection created, src port = 44391.
*Jul 1 16:13:18:258 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Connecting to server...
*Jul 1 16:13:18:281 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Epoll event=4, src port = 44391.
*Jul 1 16:13:18:281 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLOUT event.
*Jul 1 16:13:18:281 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Connection succeeded, server-ip=10.120.33.34, port=49, VPN instance=MGMT.
*Jul 1 16:13:18:281 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Connection established successfully, src port = 44391.
*Jul 1 16:13:18:281 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Encapsulating authentication request packet.
*Jul 1 16:13:18:281 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/send_packet:
version: 0xc0 type: AUTHEN_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0x8ba0f041
length of payload: 58
action: LOGIN priv_lvl: 0 authen_type: ASCII service: LOGIN
user_len: 6 port_len: 22 rem_len: 11 data_len: 11
user: stlin3
port: M-GigabitEthernet0/0/0
rem_addr: 10.254.0.84
data: ******
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Epoll event=25, src port = 0.
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/ERROR: PAM_TACACS: Received packet with length error, length=-1, error code=104.
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLERR/EPOLLHUP event.
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Connection closed, src port = 0.
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Reply message successfully sent.
*Jul 1 16:13:18:305 2026 hfslc-ywm-S6805-54HF-leaf22 TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
%Jul 1 16:13:18:307 2026 hfslc-ywm-S6805-54HF-leaf22 SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user stlin3@network.local from 10.254.0.84 port 52006 because of invalid username or wrong password.
%Jul 1 16:13:19:463 2026 hfslc-ywm-S6805-54HF-leaf22 SSHS/6/SSHS_DISCONNECT: SSH user stlin3@network.local (IP: 10.254.0.84) disconnected from the server.
The switch is integrated with a TACACS server, using SSH authentication. What is the cause of this error?
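A TCP connection to 10.120.33.34:49 is established; the authentication request packet for stlin3 is sent normally; "Received packet with length error, length=-1, error code=104" follows, and the connection is dropped directly by the server; error code=104 = the TCP connection was forcibly closed by the peer (Connection reset by peer).
After receiving the switch's request, the TACACS server drops the TCP channel directly without returning a valid TACACS reply packet, so the switch judges the authentication as failed.
ENCRYPTED_FLAG is the encryption flag; the tacacs shared-key configured on the switch and on the TACACS server are not the same: display current-configuration | include tacacs server
stlin3; 10.254.0.0/24 has not been added to the server whitelist;
The TCP handshake can be established, but the reply to the service packet is blocked and the connection is reset.
tacacs authentication scheme, packets are only sent with no complete negotiation; tacacs server 10.120.33.34 vpn-instance MGMT
mtu 1400
stlin3 exists, the password is normal, it has network device login permission, and it is not locked.
"invalid username or wrong password" is a fallback message:
The switch does not receive a valid TACACS reply and cannot tell whether the key is wrong, the user does not exist, or the service dropped the connection, so it uniformly reports an account/password error. Do not be misled by this log line; check the shared key first.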
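As background to the shared-key check recommended above, the following added example (not part of the original post or of the device vendor's code) rebuilds the request body from the fields in the send_packet dump, applies the RFC 8907 body obfuscation, and shows that a receiver holding a different key decodes a body whose length fields no longer add up to the header length of 58. The two keys and the 11-byte data value are constructed placeholders.

```python
import hashlib
import struct

# Header values copied from the send_packet dump above.
VERSION, SEQ_NO, SESSION_ID, HDR_LENGTH = 0xC0, 1, 0x8BA0F041, 58

def pseudo_pad(key: bytes, length: int) -> bytes:
    """RFC 8907 pad: MD5_1 = MD5(session_id, key, version, seq_no); MD5_n appends MD5_(n-1)."""
    seed = struct.pack("!I", SESSION_ID) + key + bytes([VERSION, SEQ_NO])
    pad, last = b"", b""
    while len(pad) < length:
        last = hashlib.md5(seed + last).digest()
        pad += last
    return pad[:length]

def obfuscate(body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call reverses it when the key matches."""
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(key, len(body))))

def build_authen_start() -> bytes:
    user, port, rem = b"stlin3", b"M-GigabitEthernet0/0/0", b"10.254.0.84"
    data = b"X" * 11  # constructed placeholder; the log masks the real data field
    # action=LOGIN(1), priv_lvl=0, authen_type=ASCII(1), service=LOGIN(1), then 4 length bytes
    fixed = bytes([1, 0, 1, 1, len(user), len(port), len(rem), len(data)])
    return fixed + user + port + rem + data

def body_is_consistent(body: bytes) -> bool:
    """Receiver-side sanity check: 8 fixed bytes + the four declared lengths == header length."""
    return len(body) == HDR_LENGTH and 8 + sum(body[4:8]) == HDR_LENGTH

def server_view(switch_key: bytes, server_key: bytes) -> bool:
    """True if a server using server_key can parse what the switch sent with switch_key."""
    wire = obfuscate(build_authen_start(), switch_key)
    return body_is_consistent(obfuscate(wire, server_key))

if __name__ == "__main__":
    print("matching keys  :", server_view(b"example-key-A", b"example-key-A"))
    print("mismatched keys:", server_view(b"example-key-A", b"example-key-B"))
```

How a particular TACACS+ server reacts to a body it cannot parse (an error reply or closing the connection) is implementation-specific.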