ASA Upgrade, lost ssh access

zietgiestt
Level 1

Hello,

I just upgraded a Cisco ASA 5506 from 9.6 to 9.16(4)57 and I cannot SSH into it any longer.

Get an error: "server unexpectedly closed the network connection"

I can access it via ASDM.

I have SSH enabled and I have SSH allowed from only 2 machines (a local server and my laptop).

I'm thinking I need to generate a new crypto key.

My question is, if I do generate a new crypto key, will that break my IPsec tunnels?


Thanks,

22 Replies

kcousino123
Level 1

@Marvin Rhoads , I ran that command and received nothing in response.

Sorry, it should be:

show asp table socket | include 22

kcousino123
Level 1

@Marvin Rhoads I ran that one and got this.

TCP 12338188 LISTEN x.x.x.x:22 0.0.0.0:* "x.x.x.x is my outside public"
TCP 13bed638 LISTEN x.x.x.x:22 0.0.0.0:* "x.x.x.x is my inside private"


@Marvin Rhoads, I did some testing this morning. I downgraded the firewall back to the previous version and SSH started working as expected. I then re-upgraded to the 9.16.4 version. After rebooting I was able to use SSH as expected. The really weird twist is that a couple of hours later SSH doesn't work again.

@kcousino123 that sounds suspiciously like some system is logging in remotely and tying up all the available SSH lines. You can check this with the "show ssh sessions" command. The default allows 5 SSH sessions to be active at any one time. (Similar to "line vty 0 4" on IOS devices.)

See also: https://www.tunnelsup.com/how-to-show-and-clear-user-sessions-on-a-cisco-asa/

kcousino123
Level 1

Here is what I got in response.

asa# sh resource usage resource ssh
Resource     Current   Peak   Limit   Denied   Context
SSH Server         6      6       5      116   System

The problem is that when I do "show ssh sessions" it responds with none.
How can I clear them? I tried to do 0-6 but it says there aren't any current.


They may be unauthenticated sessions in progress, especially if they are coming from random scanners. If you require outside access via SSH, then try locking it down to only allow your public IP address, to see if that reduces the unknown incoming sessions.

(I'm not sure why the previous version doesn't exhibit the problem.)
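The following is an added, consolidated example (not from the thread or from Cisco's documentation) of the lockdown suggested above together with the checks used earlier in the thread ("show ssh sessions", "show resource usage resource ssh", "show asp table socket"). The IP addresses are RFC 5737 documentation placeholders standing in for the laptop and the local server, the interface names and the session ID are assumptions, and the key regeneration step addresses the original poster's question about the crypto key.

```cisco
! Added example: restrict SSH to known management hosts per interface,
! then verify the listener and session state.
! Addresses are placeholders (RFC 5737 ranges), not from the thread.
!
! 1. Remove any blanket permit, if one exists, and allow only the two hosts.
no ssh 0.0.0.0 0.0.0.0 outside
! laptop, reaching the outside interface from a fixed public IP
ssh 203.0.113.10 255.255.255.255 outside
! local management server on the inside network
ssh 192.168.1.20 255.255.255.255 inside
!
! 2. Require SSHv2 and an authentication source for SSH logins.
ssh version 2
aaa authentication ssh console LOCAL
!
! 3. Idle timeout in minutes (1-60, default 5). A session that stops
!    sending traffic holds one of the slots until this timer reclaims it.
ssh timeout 5
!
! 4. Checks. Active sessions, with the session ID needed to drop one:
show ssh sessions
! disconnect a session by the ID shown above (2 is a placeholder)
ssh disconnect 2
!
!    Listener per interface and slot usage (Current/Peak/Limit/Denied):
show asp table socket | include 22
show resource usage resource ssh
!
!    Who is being refused or disconnected, to see whether scanners are
!    consuming slots (605004 = login denied, 315011 = SSH disconnected):
show logging | include 605004
show logging | include 315011
!
! 5. Regenerating the default RSA key pair replaces the SSH host key, so
!    clients will warn about a changed host key on the next connection.
!    IPsec peers authenticated with pre-shared keys do not use this key
!    pair; certificate-based peers do only if their trustpoint was
!    enrolled with the default key pair.
crypto key generate rsa modulus 4096
```

Verify the permit list with "show running-config ssh" after step 1: if a 0.0.0.0 0.0.0.0 entry remains on the outside interface, anything on the Internet can open a TCP session to port 22 and start occupying the five slots before it ever reaches authentication, which matches the "Denied" counter climbing while "show ssh sessions" reports none.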

Thank you for your help on this. I will consider it finished even though it is not resolved. From what I am seeing online, it appears to possibly be a bug. Hopefully, it will be resolved in future releases.
