Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
900
Views
0
Helpful
6
Replies

ssh fail to work

donnie
Level 1
Level 1

‎10-20-2010 06:15 PM - edited ‎03-11-2019 11:57 AM

Hi all,

My ssh on my cisco asa 5510 fail to work.

I have enabled the following but my ssh client fail to connect to the firewall from my office network(connected to firewall inside interface).

aaa authentication ssh console LOCAL

ssh 10.0.0.0 255.0.0.0 inside

ssh timeout 5

I have also enable a rsa key and enable using ssh version 1 and 2

Pls advise. Thks in advance.

Labels:
0 Helpful
6 Replies 6

Jennifer Halim
Cisco Employee
Cisco Employee

‎10-20-2010 06:18 PM

Are you able to telnet on port 22?

Try to use a different SSH client as sometimes it could be problem with the client itself.

0 Helpful

donnie
Level 1
Level 1
In response to Jennifer Halim

‎10-20-2010 06:23 PM

Hi Jennifer,

I am unable to telnet to the firewall on port 22

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to donnie

‎10-20-2010 06:40 PM

Hello Don

Would you please paste the result of the command show asp table socket?

Cheers

Mike

Mike
0 Helpful

donnie
Level 1
Level 1
In response to Maykol Rojas

‎10-20-2010 06:45 PM

Hi maykol,

I am using asa version 7.0

There is no "socket" option  for "show asp table"

The following options are available for "show asp table"

arp          Show ASP ARP table
  classify     Show ASP classifier tables
  interfaces   Show ASP interfaces tables
  routing      Show ASP route tables
  vpn-context  Show ASP VPN context tables

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to donnie

‎10-20-2010 06:49 PM

Hello Don,

I hope you are doing great, would you please put the debug ssh 255 and try again?

Cheers

Mike

Mike
0 Helpful

mirober2
Cisco Employee
Cisco Employee
In response to donnie

‎10-21-2010 07:56 AM

Hi Don,

You can also setup a packet capture to confirm the SSH connection is actually reaching the inside interface of the firewall:

access-list capin permit tcp host  host  eq 22
capture capin access-list capin interface inside
show capture capin

If you see traffic reaching the firewall in the capture, try removing all SSH commands and re-adding them. Also, double check the syslogs that are generated at the time.The 7.0 version code is extremely old at this point, so you may also be running into a bug. Upgrading to 7.2(5) or 8.0(5) may help you overcome this problem as well.

If you don't see traffic reaching the firewall, double check network connectivity between your client and the firewall.

Hope that helps.

-Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card