09-21-2024 01:39 AM
hi all,
when i try to ssh in to a switch i get a connection refused on port 22
ssh robert@10.110.10.4
ssh: connect to host 10.110.10.4 port 22: Connection refused
thanks,
rob
09-21-2024 01:41 AM
ACL
09-21-2024 02:55 AM - edited 09-21-2024 03:01 AM
Hello robertkwild,
Issue the show ip ssh command to verify whether SSH is enabled or disabled. If it is enabled, check for transport input ssh under line vty mode.
Here is the sample configuration:
username admin password xxxxx
ip domain-name xyzcorp.com
crypto key generate rsa
ip ssh version 2
line vty 0 4
login local
transport input ssh
If you think the configuration is fine, check whether any ACL is blocking SSH: show ip access-list
Best regards
******* If This Helps, Please Rate *******
09-21-2024 03:13 AM
Don't use port
If you do not succeed
Show tcp brief <<- share it here
MHM
09-21-2024 04:39 AM
Hello @robertkwild
SSH access is managed through the vty lines, which are the virtual ports used for remote access. Ensure that the vty lines are properly configured to allow SSH as a transport protocol. If vty lines are not configured to allow SSH, you will not be able to establish an SSH session, even if SSH is enabled globally on the switch.
transport input ssh command under vty lines
09-21-2024 08:33 AM
rob
There are a number of things that could cause the symptoms you describe:
- it is possible that ssh is not enabled on that switch. The output of the command show ip ssh would clarify whether it is enabled or not (and could clarify if a particular version of SSH is needed).
- it is possible that the vty lines have been configured to restrict access. The output of the command show run | sec vty might clarify this.
- there are several other things that could impact your attempt with SSH and the best thing would be for you to post the output of show run (with any sensitive information, Public IP, passwords, etc., obscured).
09-21-2024 02:11 PM
Hello @robertkwild ,
Depending on the ACL invoked under the line vty, you may not be authorized to log in from the source IP address of the device/PC you have made your attempt from.
A common case is that the ACL allows SSH from one or a few management subnets, and for example this does not allow jumping from one switch to another because the source IP address will not be permitted by that ACL.
I don't know if this is your case or you are using a Linux server.
Hope to help
Giuseppe
09-21-2024 08:43 PM
Hi,
Everyone has suggested multiple steps and he should look into them; however, a summary checklist could be:
1) Run the "show ip ssh" command and look for two values, "ssh enabled" and version.
2) If SSH is not enabled then try to enable it. Multiple steps, let me know if you need them.
3) Check your line vty configuration with "show run | sec line vty". What is configured for transport input, is it allowed? Also check for "access-group". Can you see any ACL configured there?
4) If there is an ACL, then check the ACL configuration; you should not block yourself by mistake in the ACL. You can share sho IP access-list output along with your laptop/desktop IP.
5) Do you have any firewall between you and your switch? Are you allowed to access SSH by firewall rules/ACLs?
There are a few more steps to check, but I think those are just the basics; share your output with us.
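Steps 3 and 4 of the checklist above can be run offline against a saved copy of the configuration. The script below is an added example, not something posted in the thread. It assumes the ACL is a numbered standard ACL applied to the vty lines with access-class, and the sample configuration and client addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in the shape of "show run" output (not from the thread).
SAMPLE_CONFIG = """\
access-list 10 permit 10.110.20.0 0.0.0.255
access-list 10 deny any
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(config, acl, src):
    """First-match walk of a numbered standard ACL, implicit deny at the end."""
    pattern = rf"^access-list {re.escape(acl)} (permit|deny) (.+)$"
    for action, spec in re.findall(pattern, config, re.M):
        parts = spec.split()
        if parts[0] == "any":
            return action == "permit"
        if parts[0] == "host":
            parts = parts[1:]
        # A wildcard mask follows the address unless the entry is a single host.
        has_mask = len(parts) > 1 and parts[1][0].isdigit()
        wild = to_int(parts[1]) if has_mask else 0
        if (to_int(src) | wild) == (to_int(parts[0]) | wild):  # wildcard bits are ignored
            return action == "permit"
    return False

def check_vty(config, src):
    """Map each vty range to a verdict for an SSH attempt from src."""
    verdicts = {}
    for lines, body in re.findall(r"^line vty (\d+ \d+)\n((?: .*\n?)*)", config, re.M):
        transport = re.search(r"^ transport input (.+)$", body, re.M)
        acl = re.search(r"^ access-class (\S+) in", body, re.M)
        # Assumption: a vty block with no "transport input" line is not flagged here.
        if transport and not {"ssh", "all"} & set(transport.group(1).split()):
            verdicts[lines] = "ssh not in transport input"
        elif acl and not acl_permits(config, acl.group(1), src):
            verdicts[lines] = f"source denied by access-class {acl.group(1)}"
        else:
            verdicts[lines] = "ok"
    return verdicts

if __name__ == "__main__":
    for src in ("10.110.20.7", "10.110.10.50"):  # constructed client addresses
        print(src, check_vty(SAMPLE_CONFIG, src))
```

Named ACLs and extended ACLs are outside what this script parses; for those, read the entries by hand with the same first-match rule.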
09-22-2024 04:05 AM - edited 09-22-2024 04:06 AM
thanks for all the advice, i think it's the ACL list now you guys have jogged my memory, i'll try next time i can console in the switch