intermittent loss of ssh access, asa does not listen on 22

kewwa — Thu, 30 Jan 2025 14:50:31 GMT

I just got kind of similar issue to CSCwb94312
https://community.cisco.com/t5/network-security/asa-unable-to-configure-service-on-port-22/td-p/1742513
or
https://community.cisco.com/t5/cisco-software-discussions/lost-ssh-access-to-asa-after-upgrading-from-9-15-1-1-to-9-20-2-2/td-p/4992216

but not exactly:
out of the blue and with no change made (no upgrade so not the case from the second link)
- I cannot ssh (telnet, ASDM work)
I did not reboot but I deleted and re-added ssh and it works again... for some time (up to few hours)
Hence ssh configuration is still possible unlike in the bug CSCwb94312

weird thing: seems like ASA does not listen on port 22

However the command above was run from a very ssh session so for sure the session was established.
Also I played adding and deleting telnet and it "updates" - I can see ASA listening and not listening to 23 accordingly.
However configuring and deleting ssh does not change anything

at the same time I have ssh in PAT table

To give the full picture: when ssh does not work:
-the authentication works fine (I do not have log but basically the admin is correctly authenticated by a remote server
- and the syn arrives at ASA (pcap from ASA) but never gets a reply

Version is 9.20(3)7

Re: intermittent loss of ssh access, asa does not listen on 22

MHM Cisco World — Thu, 30 Jan 2025 15:02:00 GMT

Can I see

Show run nat

MHM

topic intermittent loss of ssh access, asa does not listen on 22 in Network Security

intermittent loss of ssh access, asa does not listen on 22

Re: intermittent loss of ssh access, asa does not listen on 22