Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11039
Views
0
Helpful
5
Replies

WS-C3750X-48P has ssh connection problem

Go to solution
blankguy7
Level 1
Level 1

‎06-14-2016 04:41 AM

Hi everyone,

This system is running since about 2 years without problems (3x stackables switches) and suddendly we cannot access it with ssh.

I've upgraded it to this last version : c3750e-ipbasek9-mz.150-2.SE9.bin.

After the upgrade and reboot this issue remains present and I don't know at all what could be the problem?

Switches:

---------------

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 54 WS-C3750X-48P 15.0(2)SE9 C3750E-IPBASEK9-M
2 54 WS-C3750X-48P 15.0(2)SE9 C3750E-IPBASEK9-M
3 54 WS-C3750X-48 15.0(2)SE9 C3750E-IPBASEK9-M

Issue:

---------------

$ ssh -l admin xxxxxxx
bash: connect: Connection refused
bash: /dev/tcp/xxxxxxx/22: Connection refused
bash: 3: Bad file descriptor
bash: 3: Bad file descriptor
bash: line 0: kill: (15411) - No such process
ssh_exchange_identification: Connection closed by remote host

Could someone has an ideas? or know what is the problem?

Thank you for your help

Best regards,

J.

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
agapitca19
Level 1
Level 1
In response to blankguy7

‎06-15-2016 01:10 PM

Have you issued the commands below? With the ip domain-name command, use whatever domain name your production switches use. With the crypto key generate rsa, when asked for the length of the key you may put 1024. If there was already an rsa key generated, try to remove it by issuing the command crypto key zeroize rsa then generate a new one.

ip domain-name example.com

crypto key generate rsa

ip ssh version 2 

On the line vty, make sure you have login local or password set if you don't use tacacs. With the way you are logging in remotely through ssh is not from a terminal emulator like putty or secure crt and I don't know if it matters, but check if you have the option to specify version 2. For example if I want to ssh from a Cisco switch to another switch that is set to accept ssh version 2, I will issue the command ssh -l [username] -v 2 [remote switch ip address]

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks.***

View solution in original post

0 Helpful
5 Replies 5

Go to solution
agapitca19
Level 1
Level 1

‎06-14-2016 06:02 AM

blankguy7,

The "connection refused" on the output could mean anything. Like command transport input ssh is probably not set on line vty and just telnet. It could also be the switch is configured for a specific ssh version and you need to specify that ssh version when trying to remote in to the switch.

Can you please provide the running configuration of the switch or the ssh AND line vty configuration?

Thanks.

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks.***

0 Helpful

Go to solution
blankguy7
Level 1
Level 1
In response to agapitca19

‎06-15-2016 04:38 AM

This problem occurred suddenly. Before everything worked well...

Here's the ssh configuration:

#show run | inc ssh
ip ssh time-out 60
ip ssh version 2
privilege exec level 15 ssh
transport input ssh
transport input ssh

[...]

line vty 0 4
access-class 50 in
exec-timeout 15 0
transport input ssh
transport output none
line vty 5 15
access-class 50 in
exec-timeout 15 0
transport input ssh
transport output none
!
ntp server 192.168.0.30
ntp server 192.168.0.221
end

But.... strange :

# show ssh
%No SSHv2 server connections running.
%No SSHv1 server connections running.

Best regards,

J.

0 Helpful

Go to solution
agapitca19
Level 1
Level 1
In response to blankguy7

‎06-15-2016 01:10 PM

Have you issued the commands below? With the ip domain-name command, use whatever domain name your production switches use. With the crypto key generate rsa, when asked for the length of the key you may put 1024. If there was already an rsa key generated, try to remove it by issuing the command crypto key zeroize rsa then generate a new one.

ip domain-name example.com

crypto key generate rsa

ip ssh version 2 

On the line vty, make sure you have login local or password set if you don't use tacacs. With the way you are logging in remotely through ssh is not from a terminal emulator like putty or secure crt and I don't know if it matters, but check if you have the option to specify version 2. For example if I want to ssh from a Cisco switch to another switch that is set to accept ssh version 2, I will issue the command ssh -l [username] -v 2 [remote switch ip address]

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks.***

0 Helpful

Go to solution
blankguy7
Level 1
Level 1

‎06-16-2016 01:36 AM

I've installed again and it is now running.

Thanks a lot and have a nice day ;)

0 Helpful

Go to solution
agapitca19
Level 1
Level 1
In response to blankguy7

‎06-16-2016 04:31 AM

Good to hear that the issue is resolved now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents