ssh hangs from router to router?

warren.sullivan · ‎09-23-2013

Hi Guys,

Im having a weird issue with ssh from a cisco 1941 to a cisco 1941, it used to work fine, but now it hangs...we have two routers at each site, one primary with an EOC connection to the network, and the other a backup 3G wireless connection to the network, both routers are connected to a switch and HSRP is running between them, due to recent ISP changes, the 3G network went down and has now come back up, so i need to reset the modems to force them to authenticate with our network blar blar blar

My issue is that when i issue a "ssh 10.x.x.x" (LAN IP of the 3G router) it just hangs, i can ping the address fine, there is no access-class set on any VTY lines, transport input ssh is set on both routers and no transport in or output set on either.

nbr-rt01#

nbr-rt01#ping 10.0.80.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.80.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

nbr-rt01#

Here's the thing though, if i RDP to the Site DC and SSH from that server to the 3G router it works fine, i can then even initiate a ssh session to the primary router from the 3G router, i can then jump back on the primary router and establish an SSH session to the 3G router!

this is what i get from a debug;

nbr-rt01#debug ip ssh client

SSH Client debugging is on

nbr-rt01#

nbr-rt01#ssh 10.0.80.3

nbr-rt01#

Sep 24 11:54:23.076 AEST: SSH CLIENT: attempt to create connection failed

Sep 24 11:54:23.076 AEST: SSH CLIENT: failed to create connection

nbr-rt01#

See below for the line VTY config and what happens when i ssh out of the primary to the backup 3G router.

Any ideas?

nbr-rt01#sh run | beg line con 0

line con 0

exec-timeout 30 0

privilege level 15

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

exec-timeout 30 0

privilege level 15

logging synchronous

transport input ssh

!

scheduler allocate 20000 1000

ntp update-calendar

ntp server 10.0.6.12 prefer

ntp server 10.0.6.13

!

end

nbr-rt01#

nbr-rt01#ssh 10.0.80.3 (hangs here)

nbr-rt01#

Jeff Van Houten · ‎09-23-2013

Are you running cbac? If so, are you allowing ssh from the router?

Sent from Cisco Technical Support iPad App

warren.sullivan · ‎09-23-2013

As you can see from the output...no

thanks

warren

warren.sullivan · ‎09-23-2013

Ok, sorted, i had ip ssh source address set to a loopback, the 3G router never knew how to get back to the source, when the 3G connection was brought up, ssh went all the way back through the core to the primary routers ip ssh source address!

thanks

warren