8.2.5 Lost SSH Access

z08mjk2374
Level 1

I have a 5540 running 8.2.5 and SSH access stopped working. Telnet still works.

Logs show this:

%ASA-6-302013: Built inbound TCP connection 227557909 for outside:x.x.x.x/62168 (x.x.x.x/62168) to identity:y.y.y.y/22 (y.y.y.y/22)

%ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'

%ASA-6-302014: Teardown TCP connection 227557909 for outside:x.x.x.x/62168 to identity:y.y.y.y/22 duration 0:00:00 bytes 0 TCP FINs

I go into the firewall and do a "sh ssh sessions" and get no sessions returned.

I know there are some bugs that sound very similar, like CSCsm68097, but all involve much earlier code. Any other more modern bugs for the same problem?

4 Replies

Julio Carvajal
VIP Alumni

Hello,

As a test, can you take out the entire SSH configuration and then just apply it back?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Stripped off the SSH and reapplied it.

clear configure ssh

Then I pasted all of the ssh statements.

ssh x.x.x.x 255.255.255.0 inside

ssh x.x.x.x 255.255.255.0 outside

etc.

Same thing.

This ASA has some serious uptime. I'm pretty sure a reboot will fix it, but I can't let my curiosity go. :-)

Hello,

Me too.

I am pretty sure a Reload will clear the orphaned SSH sessions.

CSCsm68097

CSCts72188

Check those 2. Looks like 8.2.5 is being hit in your case. Can you reload and monitor to check if it happens again?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
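
One way to spot this symptom in collected syslog, as an added example that is not part of the thread and not Cisco tooling: it correlates the three messages quoted in the first post (302013 built to identity port 22, 321001 'ssh' limit, 302014 teardown with 0 bytes). The function name and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of the messages quoted in the thread
# (documentation-range addresses, made-up connection ids).
SAMPLE = """\
%ASA-6-302013: Built inbound TCP connection 1001 for outside:192.0.2.10/62168 (192.0.2.10/62168) to identity:198.51.100.1/22 (198.51.100.1/22)
%ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'
%ASA-6-302014: Teardown TCP connection 1001 for outside:192.0.2.10/62168 to identity:198.51.100.1/22 duration 0:00:00 bytes 0 TCP FINs
%ASA-6-302013: Built inbound TCP connection 1002 for outside:192.0.2.11/50000 (192.0.2.11/50000) to identity:198.51.100.1/22 (198.51.100.1/22)
%ASA-6-302014: Teardown TCP connection 1002 for outside:192.0.2.11/50000 to identity:198.51.100.1/22 duration 0:05:12 bytes 48211 TCP FINs
%ASA-6-302013: Built inbound TCP connection 1003 for outside:192.0.2.12/50001 (192.0.2.12/50001) to identity:198.51.100.1/23 (198.51.100.1/23)
%ASA-6-302014: Teardown TCP connection 1003 for outside:192.0.2.12/50001 to identity:198.51.100.1/23 duration 0:01:00 bytes 900 TCP FINs
""".splitlines()

# Only connections terminating on the firewall itself (identity) on port 22.
BUILT = re.compile(r"%ASA-6-302013: Built inbound TCP connection (\d+) for "
                   r"(\S+?):(\S+?)/\d+ .* to identity:\S+/22 ")
LIMIT = re.compile(r"%ASA-5-321001: Resource 'ssh' limit of (\d+) reached "
                   r"for context '([^']*)'")
TEARDOWN = re.compile(r"%ASA-6-302014: Teardown TCP connection (\d+) .* bytes (\d+)")


def find_rejected_ssh(lines):
    """Return SSH connections to the ASA that hit the session limit and
    were torn down without carrying any data."""
    pending = {}  # connection id -> record for SSH connections not yet torn down
    hits = []
    for line in lines:
        if m := BUILT.search(line):
            pending[m[1]] = {"conn": m[1], "ifc": m[2], "src": m[3], "limit": None}
        elif m := LIMIT.search(line):
            # 321001 carries no connection id, so tag every open SSH attempt;
            # established sessions are filtered out later by their byte count.
            for rec in pending.values():
                rec["limit"] = (int(m[1]), m[2])
        elif m := TEARDOWN.search(line):
            rec = pending.pop(m[1], None)
            if rec and rec["limit"] and int(m[2]) == 0:
                hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_rejected_ssh(SAMPLE):
        print(f"SSH from {hit['src']} on {hit['ifc']} refused: "
              f"limit {hit['limit'][0]} in context {hit['limit'][1]}")
```

A hit while "sh ssh sessions" lists no sessions is the condition described in the first post.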