11-29-2011 05:10 PM
Hi All:
I notices i can't not ssh out to another device from my router.
SSH in from my client (putty) works fine.
and not access-list attached to vty with out direction.
transport output all
I found this problem happened on my ASR1002 with "asr1000rp1-adventerprisek9.03.03.01.S.151-2.S1.bin" and my 2921 router with "c2900-universalk9-mz.SPA.151-4.M2.bin", but it works fine on 7200 with "c7200-advipservicesk9-mz.151-4.M.bin". and my old router 28/18 with 12.4 ios work fine as well.
The symptom is:
BMP-2921-R01#ssh -l jason 1.1.1.1
% Connections to that host not permitted from this terminal
any idea? please help me out
thanks
11-30-2011 12:24 AM
Hi,
can you telnet this host from this device ?
Regards.
Alain
11-30-2011 01:32 AM
Telnet works fine.
The problem is on the router itself not on the remote site, even i try ssh to a dummy ip , the router desn't ever check its routing table and immediate tell me not permitted.
11-30-2011 02:05 AM
Hi,
Can you post your sanitized config.
Have you tried debugging ?
Regards.
Alain
11-30-2011 02:09 AM
Hi:
Configuration:
ip domain name xxx.com.sg
ip ssh time-out 30
ip ssh authentication-retries 2
access-list 10 remark "SSH Access Restriction"
access-list 10 permit 123.49.101.6
access-list 10 permit 10.168.2.213
access-list 10 permit 10.168.4.219
access-list 10 permit 10.168.4.217
line vty 0 4
session-timeout 15
access-class 10 in
exec-timeout 5 0
privilege level 15
logging synchronous
transport input telnet ssh
transport output all
line vty 5 15
no exec
transport input none
!
12-05-2011 01:04 PM
Jason
Can you post the output of show ip ssh from the router?
HTH
Rick
01-18-2012 05:39 AM
Hi,
Did you get this solved? I have the same symptoms.
Thanks
01-23-2012 06:56 AM
Upgraded the 2901 to 15.1(4)M3 => solved
01-23-2012 11:20 AM
Thank you for posting back to the thread and telling us that a code upgrade fixed the problem. This is helpful to know.
HTH
Rick
01-30-2012 03:00 PM
I can confirm this behavior.
I could not SSH out from my Cisco 2901 running c2900-universalk9-mz.SPA.151-4.M2.bin
Upgrading to c2900-universalk9-mz.SPA.151-4.M3.bin fixed the issue.
No configuration chages were made.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: