Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
38588
Views
5
Helpful
11
Replies

Ping is ok, but no SSH connection

fornax
Level 1
Level 1

‎08-11-2014 04:52 AM - edited ‎03-10-2019 12:27 PM

Hi everybody,

I have a problem with SSH connection. 

I have a network, which can be pinged and connected by SSH from my laptop. 
And some other machines (in my subnet)can ping this range of network, but can't connect by SSH. 
No access list restrictions. No closed ports from server side. 

And one thing... 

I've checked bu wireshark, and see that, when this machines try to connect by SSH, there is no request out of its Ethernet interface. Ping is ok, again. 
But they can connect by SSH to other machines, from other subnets. 

Which information do you need to investigate and help with this problem? 

3 people had this problem
Labels:
0 Helpful
11 Replies 11

SANTHOSHKUMAR SARAVANAN
Level 4
Level 4

‎08-11-2014 05:03 AM

Hi ,

 What is your NAS (network access server) device router/switch/ASA/other ??

 

HTH

Sandy

0 Helpful

fornax
Level 1
Level 1
In response to SANTHOSHKUMAR SARAVANAN

‎08-11-2014 05:49 AM

We have Nexus Swtiches between source and destination hosts. 

0 Helpful

davidsudjiman
Level 1
Level 1

‎08-11-2014 06:06 AM

"I've checked bu wireshark, and see that, when this machines try to connect by SSH, there is no request out of its Ethernet interface." << Is this machine has Firewall or ACL enabled?

 

rgds,

David Sudjiman

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to davidsudjiman

‎08-11-2014 12:41 PM

If the original poster is able to SSH to the device from his laptop then this demonstrates that SSH is enabled and seems correctly configured (which rules out one of the most common problems).

 

If other devices are able to ping then it seems to demonstrate IP connectivity and correct routing (which rules out another of the common problems).

 

I wonder if the problem might involve versions of SSH and what is configured on the device. If the device specifies version 2 (for example) and the original poster is specifying version 2 but the other devices are using version 1 then it would cause these symptoms.

 

It would be helpful if the original poster would provide the output of show ip ssh and the configuration of the vty ports. It would be even more helpul if the original poster would provide the complete configuration of the device (with sensitive data masked out).

 

HTH

 

Rick

HTH

Rick
0 Helpful

fornax
Level 1
Level 1

‎08-12-2014 12:00 AM

Hi again, 

Thanks for your replies,

We found the cause of the problem. 

We think the problem is OSPF - HSRP - Asymmetric routing problem ()

Here is the topology:

hsrp_ospf.jpg

We tested SSH from two different hosts. UserA can SSH, USerB can't. Here is tracert output from these two hosts

users.jpg

As you can see from output image, there is two equal cost routes from switch SW and it load balanced the traffic.  

What solution do you offer for automatically resolve this issue? 

 

Thanks. 

Preview file
85 KB
Preview file
31 KB
0 Helpful

SANTHOSHKUMAR SARAVANAN
Level 4
Level 4
In response to fornax

‎08-12-2014 12:25 AM

Hi ,

 I dont think there is network reachability issue . Do you have switch between destination server ?? on vlan 165 . Share me following output

Show Spanning tree vlan 165 from from both sw1 and sw2

show ip arp | in 192.168.165.100

show mac address address-table | in 192.168.165.100

To simulate bring down link connecting to SW2 , ensure only one link to sw-vlan30-sw1-vlan165  , check the SSH connectvity from both users , Similarly perform vice versa by shutingdown link connecting to sw1 . 

 

HTH

Sandy

 

0 Helpful

fornax
Level 1
Level 1
In response to SANTHOSHKUMAR SARAVANAN

‎08-12-2014 03:35 AM

Hi Sandy,

Yes there is no network reachability issue. Lets explain the issue little bit. 

As you see from users.jpg traffic from UserA goes through SW1 which is active for HSRP group165. Thats why traffic for both direction flows through SW1.

But from UserB traffic goes through SW2 and then return traffic goes through SW1.

Because switch SW load balances traffic - 

SW#sh ip cef exact-route 192.168.41.210 192.168.165.100
10.10.41.210 -> 192.168.165.100 => IP adj out of Vlan30, addr 192.168.30.251

SW#sh ip cef exact-route 192.168.41.198 192.168.165.100
10.10.41.198 -> 192.168.165.100 => IP adj out of Vlan30, addr 192.168.30.249

Ping works from both source, but SSH is not working.

0 Helpful

davidsudjiman
Level 1
Level 1
In response to fornax

‎08-12-2014 09:09 PM

SW1 and SW2 should have vlan 192.168.165.X shown as connected and not learning this via ospf (vlan30). 

 

How are the SW1 and SW2 connected? L2 or L3?

 

Regards,

David Sudjiman

0 Helpful

RYBayramov
Level 1
Level 1
In response to davidsudjiman

‎08-12-2014 09:29 PM

Hi David,

SW1 and SW2 are N7K switches. They have fabricpath configured between them

 

Regards,

Rizvan

0 Helpful

BenBen
Level 1
Level 1

‎02-27-2016 12:41 PM

Hi Ziya,

Did you get this issue resolved? I am having same issue. Device pingable but not be able to ssh to it. The device can be ssh from other laptops.

Thanks.

0 Helpful

BenBen
Level 1
Level 1

‎02-27-2016 04:01 PM

Hi,

I had the same issue and found that issuing "ip classless" solved my issue. In my case, it is an existing switch and it was configured "no ip classless" by someone else.

-Frank

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card