02-14-2017 02:23 PM - edited 03-12-2019 01:56 AM
Hi, I have an ASA 5580 with access configured through ssh. I've always been able to access it, but suddenly (noticed today) I can't access it any more. I'm receiving this:
ssh -l username 192.168.0.44
Connection closed by 192.168.0.44 port 22
I have another 3 ASAs and I'm accessing them perfectly...
What could have changed???
thanks in advance.
BR
02-14-2017 06:54 PM
It's possible some automated system has exhausted the vty lines. You'd have to check that via a console connection.
02-15-2017 07:30 AM
It makes sense... Actually, I tried to check the vty lines, but the command is not the same as in IOS. I think here on the ASA it is show ssh sessions, is that correct??? But more important: how do I clean the vty lines??? In IOS the command is clear vty line #; is it the same here??
thanks in advance.
BR.
02-15-2017 08:09 AM
There's a nice article at tunnelsup.com that explains checking the resources, viewing the sessions (as you surmised) and disconnecting them. ('ssh disconnect <session number>')
https://www.tunnelsup.com/how-to-show-and-clear-user-sessions-on-a-cisco-asa/
02-15-2017 08:15 AM
Excellent!!!
I'll check it.
BR.
02-15-2017 11:24 AM
Hi Marvin, I connected to the ASA via console and ran a couple of commands, but they show nothing:
ASA5580# show resource usage resource ssH
Resource Current Peak Limit Denied Context
ASA5580#
ASA5580# show ssh sessions
ASA5580#
what could be happening???
02-15-2017 06:07 PM
Do you have multiple contexts?
Which ASA software version is running on the 5580?
02-16-2017 07:01 AM
Cisco Adaptive Security Appliance Software Version 8.4(5)
Device Manager Version 7.1(1)52
Compiled on Mon 29-Oct-12 10:51 by builders
System image file is "disk0:/asa845-smp-k8.bin"
Config file at boot was "startup-config"
02-16-2017 07:20 AM
There was a bug in ASA 8.3(2.8) where there were orphaned ssh sessions. But that shouldn't affect your release.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtq84364/?referring_site=bugquickviewredir
The bug notes do suggest checking for the session using:
show process | include ssh
I have also seen this sometimes be remedied with a simple reload. Are you able to schedule that?
02-16-2017 07:41 AM
ASA5580# show processes | i ssh
Mwe 0x0000000001346b80 0x00007ffe73d1f528 0x00007ffe73cf5828 3 0x00007ffe73d17860 30752/32768 listen/ssh
Mwe 0x00000000012eaddd 0x00007ffe73d3a438 0x00000000040ea310 3 0x00007ffe73d325e0 30200/32768 ssh/timer
ASA5580#
Reloading the appliance would be my last resort... Besides, what if it happens again??? I can't be reloading the ASA every time...
It's very disappointing...
02-16-2017 06:44 PM
Understood. Perhaps the TAC would be able to advise further. Are you able to open a TAC case?
02-17-2017 07:20 AM
Hi Marvin,
The reload did the job... now it is working fine!
But I would like to know what happened...
BR.