Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
0
Helpful
6
Replies

ACE30 SSH login issue after image upload

Nadeem ahmed Ahmed
Level 1
Level 1

‎07-10-2014 12:25 AM

 

 

Hi,

 

Currently I am running ACE30 with version A4(2.2),

I am doing upgarde with A5(3.0) But whenever i upload image to ACE i cannot login ACE via SSH but telnet works fine.

 

I tried to remove ssh keys, generated new keys even then no ssh login.

Then i reload ACE with old image then ssh login start coming. I would appreciate if someone share the same experience and any permanent logical fix.

 

Regards 

 

 

 

Labels:
0 Helpful
6 Replies 6

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎07-10-2014 06:19 AM

Hi,

I searched internally as well and i don't see any issue. Can you get the below information:

show ssh key

show ssh maxsessions

also, do ssh key rsa 1024 force and try again.

Can you also get the pcaps on client who is trying to do SSH as well as the show tech from Admin context? Are you trying to do SSH to Admin context or another context?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful

Nadeem ahmed Ahmed
Level 1
Level 1
In response to Kanwaljeet Singh

‎07-10-2014 06:57 AM

 

 

Hi,

 

 I have tried all the options but to no vain, i removed ssh key n generated with , 

768, 1024, etc etc..

Already verified ssh maxsessions 16, 

I am trying SSH to admin context. PCAP attached from client nonworking when image uploaded and working after ACE reload,

 

 

Client: Source ip: 10.1.29.98,   destination IP : 10.1.29.97 ACE vlan20

 

Actually, during non-working time, only after three way handshake, FIN ACK initiated from ACE and no encryption request is initiated while during working scenario after three way handshake , client three way handshake is initiated and session establish.

 

 

0 Helpful

Nadeem ahmed Ahmed
Level 1
Level 1
In response to Nadeem ahmed Ahmed

‎07-10-2014 07:12 AM

attached zip file containing pcap

pcap.zip
0 Helpful

Nadeem ahmed Ahmed
Level 1
Level 1
In response to Nadeem ahmed Ahmed

‎07-11-2014 03:36 AM

 

 

Hi,

 

As told earlier, once i'll reload ACE , SSH will start working.

 

But the issue occur once you upload image after that SSH stop working.

 

you can recreate this issue as many times as you like. 

Regards

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to Nadeem ahmed Ahmed

‎07-11-2014 06:02 AM

Hi Nadeem,

If the issue is 100% reproducible, then this could be a bug but i haven't seen anything like reported here. There have been lot of upgrades to A530 in the field. Do you have show tech during the problem along with show logging? I would suggest to open a TAC case with this and collect pcaps as well as show tech along with syslogs during the problem and let them go to development for further analysis if show tech doesn't tell what is going on. That's the proper channel  to address the issue.

There was this recent DDTS:

CSCup61227    ACE 30 A5(3.0) - Warning:- MTS queue is full opcode 4062sap%d pid %d

I need to see if you are getting the similar message. The SSH seems to fail when this message shows up. If you do sh ssh session-info, do you see any stuck connections? Do you run any script which ssh into ACE periodically to collect data?

Regards,

Kanwal

Note: Please mark answers if they are helpful.
 

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to Nadeem ahmed Ahmed

‎07-10-2014 09:25 AM

Hi,

I see what you are saying. Thank you for the pcaps. This is definitely ACE misbehaving. Do you have show tech during the problem? Show logging?

I would like to see the logs during the issue. Did you try reloading the ACE at same version?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card