cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
21629
Views
0
Helpful
9
Replies

not able to ssh out from a router

jason_majie
Level 1
Level 1

Hi All:

I notices i can't not ssh out to another device from my router.

SSH in from my client (putty) works fine.

and not access-list attached to vty with out direction.

transport output all

I found this problem happened on my ASR1002 with "asr1000rp1-adventerprisek9.03.03.01.S.151-2.S1.bin" and my 2921 router with "c2900-universalk9-mz.SPA.151-4.M2.bin",  but it works fine on 7200  with "c7200-advipservicesk9-mz.151-4.M.bin". and my old router 28/18 with 12.4 ios work fine as well.

The symptom is:

BMP-2921-R01#ssh -l jason 1.1.1.1

% Connections to that host not permitted from this terminal

any idea? please help me out

thanks

9 Replies 9

cadet alain
VIP Alumni
VIP Alumni

Hi,

can you telnet this host from this device ?

Regards.

Alain

Don't forget to rate helpful posts.

Telnet works fine.

The problem is on the router itself not on the remote site, even i try ssh to a dummy ip , the router desn't ever check its routing table and immediate tell me not permitted.

Hi,

Can you post your sanitized config.

Have you tried debugging ?

Regards.

Alain

Don't forget to rate helpful posts.

Hi:

Configuration:

ip domain name xxx.com.sg

ip ssh time-out 30

ip ssh authentication-retries 2

access-list 10 remark "SSH Access Restriction"    

access-list 10 permit 123.49.101.6

access-list 10 permit 10.168.2.213

access-list 10 permit 10.168.4.219

access-list 10 permit 10.168.4.217

line vty 0 4

session-timeout 15

access-class 10 in

exec-timeout 5 0

privilege level 15

logging synchronous

transport input telnet ssh

transport output all

line vty 5 15

no exec

transport input none

!

Jason

Can you post the output of show ip ssh from the router?

HTH

Rick

HTH

Rick

langoustator
Level 1
Level 1

Hi,

Did you get this solved? I have the same symptoms.

Thanks

Upgraded the 2901 to 15.1(4)M3 => solved

Thank you for posting back to the thread and telling us that a code upgrade fixed the problem. This is helpful to know.

HTH

Rick

HTH

Rick

rtalipinani
Level 1
Level 1

I can confirm this behavior.

I could not SSH out from my Cisco 2901 running c2900-universalk9-mz.SPA.151-4.M2.bin

Upgrading to c2900-universalk9-mz.SPA.151-4.M3.bin fixed the issue.

No configuration chages were made.