Help Center/ Cloud Bastion Host/ FAQs/ Troubleshooting/ CBH Managed Resource Login Failures/ Why Am I Seeing Login Errors of Code: C_515 When I Use a Web Browser for Resource O&M?
Updated on 2024-04-24 GMT+08:00

Why Am I Seeing Login Errors of Code: C_515 When I Use a Web Browser for Resource O&M?

Symptoms

When a user attempts to log in to a Linux host using a web browser, a login error (Code: C_515) is reported, indicating that an error occurs and the user can try again or contact the administrator.

Possible Causes

  • Cause 1: The number of incorrect password attempts exceeds the upper limit for Linux hosts. As a result, the CBH IP address is added to the /etc/hosts.deny file.
  • Cause 2: Host Security Service (HSS) is enabled on the Linux host. After multiple login attempts with incorrect passwords, the internal IP address of CBH is added to the /etc/sshd.deny.hostguard file by HSS.
  • Cause 3: CBH does not support the SSH algorithms used by host OSs. (Only for CBH earlier than V3.3.38)

Removing Restriction from /etc/hosts.deny

  1. Log in to the Linux Server as an administrator.
  2. Run the following command to view the /var/log/secure log and check whether the host rejects the IP address of the CBH instance:

    cat /var/log/secure

  3. Run the following command to edit the /etc/hosts.deny file and delete the IP address of the CBH instance from the file:

    vim /etc/hosts.deny

  4. (Optional) Whitelist the CBH IP address.

    To use the CBH instance properly, run the following command to edit the /etc/hosts.allow file on the Linux host and allow all CBH IP addresses to log in to the host:

    vim /etc/hosts.allow

Removing IP Address Restrictions from HSS

  1. View the /etc/sshd.deny.hostguard file.

    1. Log in to the Linux Server as an administrator.
    2. Run the following command to query the /etc/sshd.deny.hostguard file:

      cat /etc/sshd.deny.hostguard

    3. Run the following command to open the /etc/sshd.deny.hostguard file:

      vim /etc/sshd.deny.hostguard

    4. Check whether the /etc/sshd.deny.hostguard file contains the CBH internal IP address.

  2. On the HSS management console, remove the IP address restriction.

    1. Log in to the HSS console.
    2. Choose Intrusions > Events.
    3. In the Alarm Statistics area, click Blocked IP Addresses.
    4. Locate and select the row that contains the CBH internal IP address, and click Unblock above the upper left corner of the list.

  3. (Optional) Whitelist the CBH IP address.

    On the HSS console, whitelist the CBH IP address on the Linux server.

Using CBH to manage passwords of host accounts and periodically synchronize accounts can prevent the CBH IP address from being blacklisted caused by entering incorrect passwords or using of unsynchronized zombie accounts.

Removing SSH Algorithm Restrictions

  1. Check the server configuration file /etc/ssh/sshd_config.

    1. Log in to the Linux Server as an administrator.
    2. Run the following command to query the /etc/ssh/sshd_config file:

      cat /etc/ssh/sshd_config

    3. Run the following command to open the /etc/ssh/sshd_config file:

      vim /etc/ssh/sshd_config

  2. Modify the algorithm by adding the following command to the end of the HostKeyAlgorithms line:

    ssh-rsa,ssh-dss

    If the HostKeyAlgorithms line cannot be found in your default configuration file, use this command instead: HostKeyAlgorithms ssh-rsa,ssh-dss.

  3. Run the following command to restart the SSH service:

    systemctl restart sshd

If the problem persists, click Service Tickets in the upper right corner of the management console and submit a service ticket.