https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961910#M941610 <P>I have an ASA 5505 running v8.03 firmware that after a few days of uptime stops accepting SSH connections.</P><P>My SSH setup is pretty simple, just:</P><P>ssh 0.0.0.0 0.0.0.0 outside</P><P>ssh timeout 60</P><P>I get the following messages in my syslog when SSH stops working:</P><P>(yyy.y.yyy.y is my SSH client's IP, xxx.xxx.xxx.xx is the ASA firewall IP)</P><P>02-29 09:05:22 Local4.Info xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-6-302013: Built inbound TCP connection 495222 for outside:yyy.y.yyy.y/56782 (yyy.y.yyy.y/56782) to NP Identity Ifc:xxx.xxx.xxx.xx/22 (xxx.xxx.xxx.xx/22)</P><P>2008-02-29 09:05:22 Local4.Notice xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'</P><P>2008-02-29 09:05:22 Local4.Info xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-6-302014: Teardown TCP connection 495222 for outside:yyy.y.yyy.y/56782 to NP Identity Ifc:xxx.xxx.xxx.xx/22 duration 0:00:00 bytes 0 TCP FINs</P><P></P><P>Anyone have any ideas on what causes this and how to fix? (I've been rebooting the ASA to fix it which seems drastic)</P><P>I don't have any problems on any of my other ASA boxes, but they are running 8.02...so maybe this is something specific to 8.03?</P><P>(or maybe the box is under a DOS SSH attack which is using up all the SSH process resources?)</P> Mon, 11 Mar 2019 12:10:50 GMT thomasdzubin 2019-03-11T12:10:50Z https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961910#M941610 <P>I have an ASA 5505 running v8.03 firmware that after a few days of uptime stops accepting SSH connections.</P><P>My SSH setup is pretty simple, just:</P><P>ssh 0.0.0.0 0.0.0.0 outside</P><P>ssh timeout 60</P><P>I get the following messages in my syslog when SSH stops working:</P><P>(yyy.y.yyy.y is my SSH client's IP, xxx.xxx.xxx.xx is the ASA firewall IP)</P><P>02-29 09:05:22 Local4.Info xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-6-302013: Built inbound TCP connection 495222 for outside:yyy.y.yyy.y/56782 (yyy.y.yyy.y/56782) to NP Identity Ifc:xxx.xxx.xxx.xx/22 (xxx.xxx.xxx.xx/22)</P><P>2008-02-29 09:05:22 Local4.Notice xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'</P><P>2008-02-29 09:05:22 Local4.Info xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-6-302014: Teardown TCP connection 495222 for outside:yyy.y.yyy.y/56782 to NP Identity Ifc:xxx.xxx.xxx.xx/22 duration 0:00:00 bytes 0 TCP FINs</P><P></P><P>Anyone have any ideas on what causes this and how to fix? (I've been rebooting the ASA to fix it which seems drastic)</P><P>I don't have any problems on any of my other ASA boxes, but they are running 8.02...so maybe this is something specific to 8.03?</P><P>(or maybe the box is under a DOS SSH attack which is using up all the SSH process resources?)</P> Mon, 11 Mar 2019 12:10:50 GMT https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961910#M941610 thomasdzubin 2019-03-11T12:10:50Z https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961911#M941612 <HTML><HEAD></HEAD><BODY><P>It's a bug in the v8.03 software - Cisco Bug Toolkit recommends a downgrade to 7.x</P></BODY></HTML> Fri, 29 Feb 2008 20:38:19 GMT https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961911#M941612 jason.henderson 2008-02-29T20:38:19Z https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961912#M941615 <HTML><HEAD></HEAD><BODY><P>Thanks... here are the details in case anyone else runs into it:</P><P>CSCsm68097 Bug Details </P><P> ASA 8.0.x - SSH resource exhausted preventing further sessions </P><P>Symptom:</P><P>Under a rare occurance, SSH sessions for management access can become locked preventing further SSH connections to be established to the ASA. </P><P></P><P>Conditions:</P><P>ASA 8.0(2), 8.0(3)</P><P>SSH enabled</P><P></P><P>Workaround:</P><P>A reload will clear the hanged SSH sessions.</P><P>-other types of connections still function (telnet,console)</P><P>-downgrade to 7.x code </P><P></P></BODY></HTML> Fri, 29 Feb 2008 21:19:40 GMT https://community.cisco.com/t5/network-security/my-asa-5505-stops-accepting-ssh-connections-after-a-few-days/m-p/961912#M941615 thomasdzubin 2008-02-29T21:19:40Z