Hi Mark,

NET#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3

When this SSH time out happens, it gets back online by itself in about 2-3 minutes without me doing nothing

??never seen that before , if your 100% on that all it could be is a bug , the timeout is only for the client that's trying to connect to the switch , it has no control over physical interfaces

what exactly is dropping on these circuits are they going hard down ? or is BGP dropping  ?

can you post the ISP interfaces

............................

try change your ssh to v2 anyway you shouldn't use v1 its insecure , your allowing sshv1 and v2 there as the keys are only set to 512

regenerate your crypto keys

crypto key generate rsa

Hit return then type 1024 and return again

posting ssh output

NET#sh ssh
Connection      Version Encryption      State                   Username
0               0.0        -            Open                    -
1               0.0        -            Open                    -
2               0.0        -            Open                    -
9               0.0        -            Open                    -
14              0.0        -            Open                    -
Connection Version Mode Encryption  Hmac         State                 Username
3          2.0     IN   aes256-cbc  hmac-sha1    Session started       ****
3          2.0     OUT  aes256-cbc  hmac-sha1    Session started       *****

**************************************************************************************

NET#sh version
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 06:08 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000

ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

NET uptime is 3 years, 26 weeks, 1 hour, 35 minutes
System returned to ROM by power-on
System restarted at 10:25:23 KSA Mon Aug 26 2013
System image file is "flash:/c3750e-universalk9-mz.122-55.SE1/c3750e-universalk9-mz.122-55.SE1.bin"

*****************************************************************************

The switch is not going down physically

The 2 ISP's are connected to this internet switch and the other side is the LAN, The firewall is sitting after this internet switch......Strange but ture

Hey Mark and Georg,

Apologies for not getting back. But with the support of you 2, the problem got fixed

There was a brute-force attack on ssh from a particular IP after enabling logging and identifying the issue, I upgraded IOS and applied SSH-ACCESS-CONTROL to specifuc subnet and since then the network is stable.

I rank both your answers to be right, thank you both of you

Regards,

Hashmi

glad you got it fixed

This will slow down brute attacks on a router / switch

it will stop the automated attack after 10 attempts in 60 seconds for 5 minutes , you can increase it , but always allow you vty access line in send line so you never get blocked as an authorised user  

login block-for 300 attempts 10 within 60
login quiet-mode access-class x

Got it Mark

I am also Facing the same issue. can anyone help me.

Hello,

what exactly are you facing ? The thread has a solution I guess...does that work for you ?

Dear Sir,

thanks from your prompt reply, i am facing this issue with my Cisco 3750 Switch and getting the message (%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection) i have change even the complete switch and installed another one but same result in another switch also.

i have changed the management IP of the switch but didn't had any affect and still i am getting the same message and my switch WAN port color is going green and orange and giving me packet lost for 10 seconds and again becoming normal for few minutes.

i have also deployed access list for only one IP but it didn't worked for me. following is access list configuration.

access-list 10 permit <Allowed IP>
line vty 0 15
 access-class 10 in
 transport input ssh

and the solution which you have shared i can deployed the access list but while i m going to my (line vty 0 15) my installed switch is not accepting (ip access-group) and (ip ssh rsa keypair-name) command they don't have it.

my switch IOS is ("flash:c3750-ipservicesk9-mz.122-50.SE3.bin").

Hey Georg,

No one has access to this switch except me.

ip ssh rsa keypair-name <hostname>

hostname in the sense, hostname of the switch is it? And what does this command do

I lost the connectiviy 3 times today with the same error message, not sure what's going on

when you lose access to the switch , run a trace route from a pc or device an see if its definitely the switch causing it and its stopping just at that hop

Yes its definitely the switch bcoz I lose the pings to this switch when the network is down, as soon as the pings comes back, the network is online