IBM Support

QRadar: Troubleshooting SSH connections and tunnels issues

Troubleshooting


Problem

This article will guide you through troubleshooting SSH connections and tunnels in QRadar, which can ultimately lead to Deploy Changes to fail, events and flows processing to stop, failed searches and other issues.

Cause

This table includes common issues with SSH connections and tunnels and links to articles on how to resolve them:
Symptom Article
  • SSH connection "Connection time out" telnet message
  • SSH connection "Connection refused" telnet message
  • SSH connection "ssh_exchange_identification: read: Connection reset by peer"
  • SSH connection 'No route to host' or 'Host not available' telnet message
  • SSH banner when network is not blocked
  • Determining first successful SSH connection
 QRadar: Checking SSH connectivity to ensure a connection can be formed
QRadar: Managing IPtables firewall ports using the User Interface
  • Troubleshoot failed SSH connection via SSH debug options
 QRadar: Enable Debugging Mode in SSH to Troubleshoot Connectivity Issues
  • SSH key issues for Console only
  • Remote hosts SSH public key is wrong in local hosts /root/.ssh/known_hosts
  • Reviewing the Console's public key file is present on the managed host
  • Review the permissions within the /root/.ssh directory for Console & managed hosts
 QRadar: Troubleshooting SSH when connections cannot be established due to key issues
  • SSH connection or tunnel fails due to SSH cipher mismatch
 QRadar: SSH missing cipher causes the SSH connection or tunnel to fail
  • Tunnels Overview
  • "Setup process tunnel failed to start for 22 intervals. Continuing to try to start" message
  • How to verify tunnel has loaded
  • How to restart tunnels
 QRadar: Troubleshooting tunnels issues

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Deployment","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
22 February 2024

UID

ibm10960602

Page Feedback