ssh issue

Raja_D
Level 1

Hi,

I have recently noticed an SSH issue on a Cisco 819 router. SSH is in place and works fine, but after a reload of the router SSH gets refused. To overcome the access issue I have enabled both SSH and Telnet on line vty 0 4. Telnet works normally.

Error as seen below:


ssh -l cisco 10.21.30.25
ssh: connect to host 10.21.30.25 port 22: Connection refused

IOS image is: c800-universalk9-mz.SPA.155-3.M2.bin

I have even tried to zeroize the crypto keys and then regenerated the RSA keys, but the issue still repeats.

Please suggest a solution and the reason for this issue.

7 Replies

Hello,

Post the config of the router.

You might want to try 'transport input all' on your lines. Also, check the status of your lines, and clear them if necessary (clear line vty).

Georg,

I have tried 'transport input all' on line vty, and also clear line vty, but still no success.

Note: I am able to log in properly with SSH to the device, but SSH gets rejected only when the device is rebooted.

Hello,

Try to zeroize the key, then recreate it and specify that SSH has to use that specific key. Both commands are configured in global configuration mode:

819(config)#crypto key generate rsa label ssh modulus 1024
819(config)#ip ssh rsa keypair-name ssh

Awesome, it worked. Thank you Georg for your quick help.

Cheers!!!

Julio E. Moisa
VIP Alumni

Hi,

Could you please share your configuration and the show ip ssh output?

Are you using SSH version 2?

conf t

ip ssh version 2

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Yes, using ip ssh version 2. Below is the show ip ssh output and the configuration that is done wrt SSH.

show ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

ip domain name lab.com
ip ssh time-out 60
ip ssh version 2

crypto key generate rsa general-keys modulus 1024


line vty 0 4
exec-timeout 5 0
password test
logging synchronous
transport input telnet ssh
transport output telnet ssh

ediallo
Level 1

Hello guys,

I just wanted to share that I ran into this issue this week with "ssh refusing connection".

In my case we had exceeded the number of vty sessions available, 0 through 15.

RouterA# show users   

It displayed the number of connections; then go ahead and run in global config:

RouterA# clear line vty 0 (the vty sessions that are idle)

NOTE: Make sure to inform your network team to exit any SSH session before closing their terminals.

I hope this helps,

Elhadji
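
The symptoms quoted in this thread can be checked offline from a saved show ip ssh output and configuration. The Python sketch below is an added example, not code from any poster or from Cisco; the function name `audit_ssh`, the finding codes and the sample input (constructed, modeled on the output quoted above) are assumptions.

```python
import re

# Constructed sample input, modeled on the output and config quoted in this thread.
SHOW_IP_SSH = """\
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
"""
RUNNING_CONFIG = """\
ip domain name lab.com
ip ssh time-out 60
ip ssh version 2
line vty 0 4
 exec-timeout 5 0
 password test
 transport input telnet ssh
 transport output telnet ssh
"""


def audit_ssh(show_ip_ssh, running_config):
    """Return (code, message) findings. Function name and codes are hypothetical."""
    findings = []
    if re.search(r"^SSH Disabled", show_ip_ssh, re.M):
        findings.append(("SSH_DISABLED", "SSH server is not running"))
    if re.search(r"^IOS Keys in SECSH format.*:\s*NONE\s*$", show_ip_ssh, re.M):
        findings.append(("NO_HOST_KEY", "no RSA host key is available to SSH"))
    # The fix reported in the thread binds SSH to a labelled key pair.
    if not re.search(r"^ip ssh rsa keypair-name \S+", running_config, re.M):
        findings.append(("NO_KEYPAIR_BINDING", "no 'ip ssh rsa keypair-name' set"))
    # Track which 'line vty' block we are in; pasted configs may lack indentation.
    vty = None
    for raw in running_config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            vty = line if line.startswith("line vty") else None
        elif line in ("!", "end"):
            vty = None
        elif vty and line.startswith("transport input "):
            # 'all' also admits Telnet, which carries credentials in cleartext.
            if {"telnet", "all"} & set(line.split()[2:]):
                findings.append(("TELNET_ON_VTY", f"{vty}: Telnet accepted"))
    return findings


if __name__ == "__main__":
    for code, message in audit_ssh(SHOW_IP_SSH, RUNNING_CONFIG):
        print(f"{code}: {message}")
```

Run it against output captured after a reload, since that is when the thread reports SSH being refused.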