ASA SSH to outside interface times out

jthunderbird
Level 1

Hello everyone,

I did search thoroughly for this specific question and could not find an answer. I am sure it is out there somewhere, but if someone here could help me out, it would be greatly appreciated.

I have numerous ASA 5506-X devices in a hub-and-spoke setup with a 5515-X. They currently all have SSH access over the VPN to their inside interfaces, but I also have SSH enabled on the outside interface for a specific IP in case the VPN goes down for some reason. My issue is that if I SSH to any of the devices on the outside interface, it freezes right about the 5-minute mark of idle time.

I have checked all the timeout settings and SSH settings and cannot find a setting for this anywhere, nor do I know what the setting is. SSH over the VPN works fine. I tried changing the management-interface to outside and it had no effect. Syslog shows nothing when the freeze happens.

Is this something obvious I am missing?

Accepted Solutions

jthunderbird
Level 1

This was completely my bad. Turns out the version of PuTTY I was using on my internet-connected box has a bug in it that kills the connection after 5 minutes of idle time. On the VPN side, I was just using my Ubuntu CLI, so I did not get the same issue, which led me to believe it had to do with security levels on the ASA.

Just in case someone stumbles upon this in a Google search, I was able to fix the issue by navigating to Connection > SSH > Bugs and changing "Handles SSH-2 key re-exchange badly" from Auto to On.
