[Solved] SSH: LOGIN_TIMED_OUT

Unimus support forum
Post Reply
rustyjarz
Posts: 9
Joined: Mon Aug 03, 2020 7:04 am

Mon May 03, 2021 12:07 am

Hi,

Having problems with a handful of devices where I'm getting the below, yet the credentials used are fine, when logging direct there is no lag or delay in the login process and I've tweaked the default timers. I've removed / re-added the device and now I'm at an end to know what's wrong.

Error: Device login failed

Discovery log:
Service check:
SSH: Service available

Service connection:
SSH: Connection successful

Authentication:
SSH: LOGIN_TIMED_OUT
User avatar
Tomas
Posts: 984
Joined: Sat Jun 25, 2016 12:33 pm

Mon May 03, 2021 2:16 pm

Hi, "LOGIN_TIMED_OUT" means that Unimus received no recognizable data during login, or received no data at all during login - for example not getting the "Username: " or "Password: " inputs during login, etc. If you SSH to the device manually, how long does the device take to output some meaningful data?

Can you please enable both "Debug logging" and "Device output logging" under "Zones > your_zone > Debug mode", rerun the discovery, and after it fails download both the log files. Please create a ticket on our Portal, or send me the logs over a PM, and we will take a look at what's going on exactly :)
rustyjarz
Posts: 9
Joined: Mon Aug 03, 2020 7:04 am

Mon May 03, 2021 11:17 pm

Hi - When I login manually, the delay is generally <1 sec to return the prompt, there are a couple of devices that take a bit longer, which why I went to the timers and increase them.

I did try yesterday to login using the details we have in our password DB, but those details didn't work so I will need to confirm these. In the interim I'll send a PM with the attached log.
Tomas wrote:
Mon May 03, 2021 2:16 pm
Hi, "LOGIN_TIMED_OUT" means that Unimus received no recognizable data during login, or received no data at all during login - for example not getting the "Username: " or "Password: " inputs during login, etc. If you SSH to the device manually, how long does the device take to output some meaningful data?

Can you please enable both "Debug logging" and "Device output logging" under "Zones > your_zone > Debug mode", rerun the discovery, and after it fails download both the log files. Please create a ticket on our Portal, or send me the logs over a PM, and we will take a look at what's going on exactly :)
annihilatedremedy
Posts: 4
Joined: Fri Apr 16, 2021 2:36 pm

Wed May 05, 2021 2:29 pm

Jumping on to this one. I've got 139 devices configured so far. Last night's schedule run, 39 succeeded while 100 failed. Upon looking at our TACACS server, I'm getting "13031 TACACS+ authentication request missing user Password". It feels like it is hammering the devices too quickly. I see that OP mentioned timers, but I am unable to find any settings regarding timers, or to limit how many devices it attempts to back up per "thread".

Is there a way to slow down the process - not necessarily by creating multiple schedules and only doing 20-30 at a time?

In the device backup failure log, it shows: "Authentication: SSH: KNOWN_CREDENTIALS_REFUSED" - but I know the credentials work - as it worked for 39 devices at the same time.

So basically, if the system can slow down how quickly it is attempting ALL devices, but also slow down how quickly it is attempting to input the username and/or password? These are all Cisco IOS devices and also typically takes <1sec to request the next form's input.
User avatar
Tomas
Posts: 984
Joined: Sat Jun 25, 2016 12:33 pm

Wed May 05, 2021 2:45 pm

annihilatedremedy wrote:
Wed May 05, 2021 2:29 pm
Jumping on to this one. I've got 139 devices configured so far. Last night's schedule run, 39 succeeded while 100 failed. Upon looking at our TACACS server, I'm getting "13031 TACACS+ authentication request missing user Password". It feels like it is hammering the devices too quickly. I see that OP mentioned timers, but I am unable to find any settings regarding timers, or to limit how many devices it attempts to back up per "thread".
Unimus will try all credentials configured in the "Credentials" screen against all devices by default - that is the point of the Discovery mechanism. I would highly recommend using credentials binding if you have many devices and/or credentials - "Devices > Edit > Bind credentials".
annihilatedremedy wrote:
Wed May 05, 2021 2:29 pm
Is there a way to slow down the process - not necessarily by creating multiple schedules and only doing 20-30 at a time?

So basically, if the system can slow down how quickly it is attempting ALL devices, but also slow down how quickly it is attempting to input the username and/or password? These are all Cisco IOS devices and also typically takes <1sec to request the next form's input.
Yes, both are configurable. Adjust the "unimus.core.inter-connection-delay" setting in timeouts configuration to slow down the rate of logins to individual devices. Adjust the maximum number of Discovery / Backup jobs in the job concurrency settings to throttle down the maximum number of concurrent running jobs.
Post Reply