09-29-2006 03:30 PM - edited 03-09-2019 04:22 PM
Hello,
I've got a Cisco 1721 that I've configured to allow SSH connections into the router from the internet on port 2922. For some reason, the SSH connection randomly gets dropped, most of the time in the middle of typing a command. I don't think it's related to the length of time I've been in the router because I usually can't stay on for more than 4 minutes. Any kind of help would be appreciated.
Thanks,
Brandon
09-29-2006 06:35 PM
Zeroize the public key and then regenerate the key and then try again.
Check the public key and then try.
09-30-2006 08:15 AM
What commands should I type in to do that? Thanks
09-30-2006 09:13 AM
I figured out the command to regenerate the public key but that still didn't fix my problem.
What I seemed to figure out was that it has something to do with the transmission rate or something. When I just connect to SSH but don't type anything, I stay connected for a long time. But, if I start typing a bunch of commands fast, it will kick me off within a minute or two. Doing a "show tech" will instantly kick me off when it gets to the "show run" part of it.
If I do the same thing from the LAN side, I have no problems. It only happens with remote SSH connections. Anyone have any ideas?
09-30-2006 09:17 AM
Brandon
In order to delete the RSA key pair, use the "crypto key zeroize" command.
Also, what is the timeout length you configured on your box? The max time for SSH negotiation with remote device - the default is 120 seconds! The default authentication-retries is 3 and the max is 5.
Hope this helps and pls rate posts!
Jay
09-30-2006 12:02 PM
Hi Jay,
The timeout and auth-retries are set to the defaults. 120 seconds and 3 retries. It looks like the max timeout length is 120 seconds. Should I change them to something else? Even right after logging into SSH remotely and typing "show tech" it will disconnect me. PuTTY says "Software caused connection abort" when I get disconnected.
To zeroize RSA key pair I actually did "crypto key zeroize rsa". Was that enough? PuTTY said the RSA key changed.
09-30-2006 06:51 PM
Hi, I have my doubts about your static NAT configurations. If you modify the access-list applied to the ethernet0 (102) and allow ssh (on port 22), are you able to ssh on port 22 to the router's E0 IP address from outside? If you can and the connection is stable, then your static NAT could be causing the problem.
I hope it helps .. please rate it if it does !!
09-30-2006 10:17 PM
Hi,
I'm trying to figure out how, or is it possible, to use SSH without having a DOMAIN-NAME in your router's config?
Correct me!
10-01-2006 07:51 AM
Good question. After I cleared the RSA key and stuff, I rebooted for good measure and before I could even log back in, it generated another one for me. On the DHCP settings though I've got it set to import all and I believe it's importing the domain name and other info when it grabs a DHCP address.
10-01-2006 07:49 AM
Yep, that was it! Something with the static NAT translation it didn't like. I wanted to run SSH from a different port on the outside so there would be less of a chance that someone could try and break in.
The strange thing is, when I went back to the static NAT translation after allowing port 22, it worked then also. Looks like I'll just have to change the port through "ip ssh port" instead of using the translation. Thanks for your help!
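An added configuration sketch, not taken from any post in this thread, of the "ip ssh port" approach mentioned above: the router itself listens on 2922 instead of relying on a static NAT port translation. The rotary group number (1), the vty range, and the address 192.0.2.1 (standing in for the router's Ethernet0 address) are assumptions; access-list 102 is the outside ACL named in the thread.

```cisco
! Constructed example: rotary group 1, vty 0 4 and 192.0.2.1 are placeholders.
!
! Have the SSH server also listen on TCP 2922, bound to rotary group 1.
ip ssh port 2922 rotary 1
!
! Attach the vty lines to that rotary group and accept SSH only (no Telnet).
line vty 0 4
 rotary 1
 transport input ssh
!
! Permit the alternate port inbound in the ACL applied to Ethernet0.
! Entries are appended to the end of a numbered ACL, so check that no
! earlier deny in 102 already matches this traffic.
access-list 102 permit tcp any host 192.0.2.1 eq 2922
!
! Verify from the router:
!   show ip ssh
!   show line vty 0
!   show access-lists 102
```

The router still answers SSH on port 22 after this change, so exposure from outside depends on access-list 102 not permitting port 22 inbound. The earlier static NAT entry for port 2922 is removed separately, since it is no longer needed.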