Here are the messages I keep getting........I am not running any scripts.

I just do not understand why I get the message when I have not accessed the router at all.....

I believe it is just an annoying message but I thank you for any clarification.....

10/15/2013 14:11    Notice    192.168.0.50    %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.0.15(scorpion-7.scorpnet.drichwalski.net) (tty = 0) for user 'SCORPION' using crypto cipher 'aes192-cbc'     hmac 'hmac-md5' closed
10/15/2013 14:11    Notice    192.168.0.50    %SSH-5-SSH2_USERAUTH: User 'SCORPION' authentication for SSH2 Session from 192.168.0.15(scorpion-7.scorpnet.drichwalski.net) (tty = 0) using crypto cipher 'aes192-cbc'     hmac 'hmac-md5' Succeeded
10/15/2013 14:11    Notice    192.168.0.50    %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.0.15(scorpion-7.scorpnet.drichwalski.net) (tty = 0) using crypto cipher 'aes192-cbc'     hmac 'hmac-md5' Succeeded

could you please provide me the output of commands mentioned below.

show ip ssh

show line

who

show run | in ssh

~BR
Jatin Katyal

**Do rate helpful posts**

Here is the output.......

stinger#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 5
stinger#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
      0 CTY              -    -      -    -    -      0       0     0/0       -
     65 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -
*    66 VTY              -    -      -    -   23     91       0     0/0       -
     67 VTY              -    -      -    -   23      0       0     0/0       -
     68 VTY              -    -      -    -   23      0       0     0/0       -
     69 VTY              -    -      -    -   23      0       0     0/0       -
     70 VTY              -    -      -    -   23      0       0     0/0       -

Line(s) not in async mode -or- with no hardware support:
1-64

stinger#who
    Line       User       Host(s)              Idle       Location
* 66 vty 0     SCORPION   idle                 00:00:00
                                             scorpion-7.scorpnet.drichwalski.net

  Interface    User               Mode         Idle     Peer Address

stinger#show run | in ssh
ip ssh authentication-retries 5
ip ssh logging events
ip ssh version 2
transport input ssh

looking at the above debugs, it seems on line vty 66, a connection is continous to attemp on port 23 with a username scorpion.

I need to know if it's only happening on this line or any random line. Can you do clear line vty 66 and keep monitor the session of show line and who.

Also, make sure we don't have any application in use to connect with this device with auto-login.

~BR
Jatin Katyal

**Do rate helpful posts**

I rebooted the router to clear everything out.......

I flushed the syslog server........

I access the router using SecureCRT..........

I still show many connections have been made to line vty 66...........

I have a feeling that SecureCRT is leaving something weird behind when I disconnect from a session.........

ok.....I rebooted the router again and my workstation.........

Ran putty and it looks like it was a problem with SecureCRT.......

With putty I only show the connection I made.....

Unless you can think of anything else I consider this case CLOSED!!

THANK YOU............for your help.

I'm glad that we able to figured it out

Take care.

~BR
Jatin Katyal

**Do rate helpful posts**