cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1316
Views
1
Helpful
6
Replies

Can't SSH anymore to Firepower device onto the management interface

MXUser
Level 1
Level 1

Hi

I have an FMC managed 1140 device on FTD 7.2.4, as of this morning I was able to SSH to it on the management interface, now I am not able to SSH, I also added a policy to try to SSH via the other interfaces but without luck, this is what I get:

kex_exchange_identification: Connection closed by remote host

there is a script running in the background to fix a S2S session reestablishing every hour and it uses SSH to that management interface.. it stopped working this morning, the script do close the ssh session/connection, so cleanup is done.. 

Questions:
- How to troubleshoot SSH connections ? I have serial console access.
- How to see if the SSH daemon is running or probably crashed if resources sessions are not properly release? possibility..

Thanks

1 Accepted Solution

Accepted Solutions

There is a monitoring daemon that watches the sshd listener. It is supposed to restart the listener if it finds it to not be listening.

 

> expert
admin@ftdv-1:~$ sudo su -
Password: 
root@ftdv-1:~# ps -ef | grep ssh
root      3574  3531  0 Jul24 ?        00:01:19 /bin/sh /etc/init.d/sshd monitor
root     24401     1  0 Jul24 ?        00:00:00 sshd: /usr/sbin/sshd [listener] 0 of 100-100 startups
root     28638 24401  0 17:17 ?        00:00:00 sshd: admin [priv]
admin    28647 28638  0 17:17 ?        00:00:00 sshd: admin@pts/0
root     28804 28749  0 17:17 pts/0    00:00:00 grep --color=auto ssh
root@ftdv-1:~#

 

You can trigger it manually as follows:

 

/etc/init.d/ssh {start|stop|status|reload|force-reload|restart|monitor}

 

 

View solution in original post

6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

Opening a TAC case would provide the best outcome for a problem such as this.

If you are not able to do so or just want to check for yourself, you could probably go into expert mode on the managed ftd and check for the listener on tcp/22 using netstat. You might also capture logs with "pigtail -all" (also done from expert mode) while trying to connect via ssh.

Hi Marvin.. thanks
I will inform Cisco.. but strange as it is Linux/Unix based, there should be a servicectl somewhere.. 

There is a monitoring daemon that watches the sshd listener. It is supposed to restart the listener if it finds it to not be listening.

 

> expert
admin@ftdv-1:~$ sudo su -
Password: 
root@ftdv-1:~# ps -ef | grep ssh
root      3574  3531  0 Jul24 ?        00:01:19 /bin/sh /etc/init.d/sshd monitor
root     24401     1  0 Jul24 ?        00:00:00 sshd: /usr/sbin/sshd [listener] 0 of 100-100 startups
root     28638 24401  0 17:17 ?        00:00:00 sshd: admin [priv]
admin    28647 28638  0 17:17 ?        00:00:00 sshd: admin@pts/0
root     28804 28749  0 17:17 pts/0    00:00:00 grep --color=auto ssh
root@ftdv-1:~#

 

You can trigger it manually as follows:

 

/etc/init.d/ssh {start|stop|status|reload|force-reload|restart|monitor}

 

 

Hi Marvin

Seems the monitor process is not running..

MXUser_1-1691433157146.png

 

MXUser
Level 1
Level 1

Yeah, I did manage to restart the SSHD service.. did post here with commands, but for an odd reason got blocked on the forum.. likely thought I was trying to inject it..will need to see how to pass commands without it blocking my access

 


@MXUser wrote:

Hi

I have an FMC managed 1140 device on FTD 7.2.4, as of this morning I was able to SSH to it on the management interface, now I am not able to SSH, I also added a policy to try to SSH via the other interfaces but without luck, this is what I get:

kex_exchange_identification: Connection closed by remote host

there is a script running in the background to fix a S2S session reestablishing every hour and it uses SSH to that management interface.. it stopped working this morning, the script do close the ssh session/connection, so cleanup is done.. 

Questions:
- How to troubleshoot SSH connections ? I have serial console access.
- How to see if the SSH daemon is running or probably crashed if resources sessions are not properly release? possibility..

Thanks


 

1EyedJoe
Level 1
Level 1

The 7.2 documentation says the service is started by default, but it was not on my FTDv.

 

Review Cisco Networking for a $25 gift card