06-17-2013 02:39 PM - edited 03-11-2019 06:59 PM
Hi ,
I been able to access the firewall via ssh, but suddenly ssh got failed but able to telnet port 22 to the firewall. But it is not prompting username and password from the ASA device. So i have taken console reset all ssh configuration , then SSH started to working but after few minutes it stop to work.
My version : Version 8.2(3)
06-17-2013 03:21 PM
Hello,
So SSH works for a few minutes and then gets stucked,
Can u share the logs of the ASA about when u try to connect via SSH?
Also the following commands when the connection does not work:
show asp table socket
show ssh sessions
Question: Are you running failover?
Question 2 : Are you running SNMP?
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
06-18-2013 10:35 AM
Hi
Log taken while trying to connect the ssh from the inside
Able to take ssh from INSIDE LAN but not able to take ssh from outside port.
Oct 06 2003 02:04:46: %ASA-6-302013: Built inbound TCP connection 66468 for INSIDE:172.**.**.144/49624 (172.**.**.144/49624) to identity:172.**.**.130/22 (172.**.**.130/22)
Oct 06 2003 02:04:56: %ASA-6-113012: AAA user authentication Successful : local database : user = A***Z
Oct 06 2003 02:04:56: %ASA-6-113008: AAA transaction status ACCEPT : user = A***Z
Oct 06 2003 02:04:56: %ASA-6-611101: User authentication succeeded: Uname: A***Z
Oct 06 2003 02:04:56: %ASA-6-611101: User authentication succeeded: Uname: A***Z
Oct 06 2003 02:04:56: %ASA-6-605005: Login permitted from 172.**.**.144/49624 to INSIDE:172.**.**.130/ssh for user "A***Z"
Log taken while trying to connect the ssh from the outside
1Oct 06 2003 02:09:03: %ASA-6-302013: Built inbound TCP connection 66669 for outside:103.**.**.70/29691 (103.**.**.70/29691) to identity:142.**.**.45/22 (142.**.**.45/22)
Here it is not asking user name while trying to connected from the outside but connection got establish upto Handshake and that firewall not sending the data to the client for the username.
10:52 PMProtocol Socket Local Address Foreign Address State
TCP 4c50f36f 142.**.**.45:22 0.0.0.0:* LISTEN
TCP 4c58baef 172.**.**.130:22 0.0.0.0:* LISTEN
TCP 4c599198 142.**.**.45:22 103.**.**.70:29610 ESTAB
TCP 4c5affc8 172.**.**.130:22 172.**.**.144:49616 ESTAB
06-18-2013 01:36 PM
Please check my previous posts,
And reply as requested, otherwise I cannot help
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
06-18-2013 02:18 PM
We are not using SNMP
Failover not been configured.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide