03-03-2011 07:49 AM - edited 03-11-2019 01:00 PM
I have an ASA5510 which was running version 8.31. SSH was working fine on version 8.31, but since I upgraded it to version 8.41, SSH has stopped working. I would appreciate it if someone could help me.
Thanks,
Lake
03-03-2011 07:58 AM
Have you tried re-generating the crypto key?
If not, then please try the following:
crypto key zeroize rsa
then
crypto key generate rsa general-keys modulus 1024
Also, make sure the ssh commands are still in the configuration.
03-03-2011 10:23 PM
Hello Lakeram
Please follow the checklist given in this document to verify we have everything required for SSH:
https://supportforums.cisco.com/docs/DOC-13012
Cisco TAC is looking into this, as a few more customers have experienced the same and it seems to be a new bug/issue.
Please post the following outputs for further investigation:
1) Sh run ssh //To ensure SSH is enabled & allowed.
2) sh cry mypubkey rsa //To find whether a RSA key-pair is installed.
3) sh asp table socket //To make sure the firewall is listening on TCP 22
If you have a TAC contract with this device, please open a service request or reply back with serial number/cco id. If not, post the outputs here.
Hope this helps. Please reply back if you need any further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
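The three outputs requested in the post above can be checked mechanically once they are saved as text. The following is an added example, not part of the original thread or any Cisco tooling; the sample outputs are constructed, and the line formats it assumes (permit lines of the form ssh <network> <mask> <interface>, a "Modulus Size (bits):" field, an uppercase state column) may differ between ASA releases.

```python
import re

# Constructed sample outputs (not from the thread); formats are assumptions.
RUN_SSH = """\
ssh 192.0.2.0 255.255.255.0 inside
ssh timeout 5
"""
MYPUBKEY = """\
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 1024
"""
SOCKETS = """\
Protocol  Socket    State    Local Address    Foreign Address
SSL       0001b2cf  LISTEN   192.0.2.1:443    0.0.0.0:*
TCP       0002a4e8  LISTEN   192.0.2.1:22     0.0.0.0:*
"""
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def ssh_permit_interfaces(run_ssh):
    """Interfaces named in 'ssh <network> <mask> <interface>' lines."""
    pat = re.compile(rf"^ssh\s+{IP}\s+{IP}\s+(\S+)\s*$", re.M)
    return sorted(set(pat.findall(run_ssh)))

def rsa_modulus_bits(mypubkey):
    """Modulus size of each installed RSA key pair; empty means no key."""
    return [int(b) for b in re.findall(r"Modulus Size \(bits\):\s*(\d+)", mypubkey)]

def port22_sockets(sockets):
    """(local address, state) for each TCP socket bound to local port 22."""
    out = []
    for line in sockets.splitlines():
        f = line.split()
        if not f or f[0] != "TCP":
            continue
        addrs = [x for x in f if re.fullmatch(r"[\d.]+:(?:\d+|\*)", x)]
        states = [x for x in f[1:] if re.fullmatch(r"[A-Z_]+", x)]
        if addrs and states and addrs[0].endswith(":22"):
            out.append((addrs[0], states[0]))
    return out

def checklist(run_ssh, mypubkey, sockets):
    listeners = port22_sockets(sockets)
    return {
        "ssh_permit_interfaces": ssh_permit_interfaces(run_ssh),
        "rsa_modulus_bits": rsa_modulus_bits(mypubkey),
        "listening_on_tcp_22": any(s == "LISTEN" for _, s in listeners),
        "port22_not_listening": [x for x in listeners if x[1] != "LISTEN"],
    }
print(checklist(RUN_SSH, MYPUBKEY, SOCKETS))
```

An empty ssh_permit_interfaces or rsa_modulus_bits list, or a port 22 socket reported under port22_not_listening, points at the checklist item that failed.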
03-04-2011 05:29 PM
Hello,
Cisco TAC has filed a bug for ASA 8.4.1 stating behaviour "Unable to SSH after upgrade to ASA 8.4.1".
Here is the bug id: CSCtn75060
Possible Unconfirmed Workarounds:
- Reloading the ASA
- Possibly doing a 'shut' and 'no shut' on the interface
Hope this helps. Please reply back if you need any further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
03-04-2011 06:22 PM
Thanks for the heads-up Chirag.
Harry informed me that the reload didn't seem to help. Hence, I attempted to zeroise and regenerate the RSA keys on the ASA that was refusing the SSH attempts.
A reload after regenerating the RSA keys eventually fixed the issue.
Apparent Workaround: Regenerate the RSA keys and then reload the firewall.
@Harry: Please do mark the post 'Answered' so that this discussion can be referenced for future use.
Regards,
Sundar Sreenivasan
03-04-2011 11:14 PM
Hi Guys,
If I am not mistaken, the socket stays on close pending, and if you try to enable SSH on another interface it says that the port is already in use. Has anybody tried to take the commands out completely and put them back again?
Mike Rojas
03-05-2011 07:41 AM
Hi Mike,
Yep, I had tried that for one of the customers but no luck. Re-generating the keys and redoing the config didn't help at all. But for Sundar/Lakeram, regenerating the keys and a reload together helped. There is still no confirmed workaround from the developers.
Hope this helps.
Regards,
Chirag
03-06-2011 10:07 AM
I appreciate all your help.
It is now working as per Sundar's email.
Thanks,
Lake