11-29-2011 05:10 PM
Hi All:
I notices i can't not ssh out to another device from my router.
SSH in from my client (putty) works fine.
and not access-list attached to vty with out direction.
transport output all
I found this problem happened on my ASR1002 with "asr1000rp1-adventerprisek9.03.03.01.S.151-2.S1.bin" and my 2921 router with "c2900-universalk9-mz.SPA.151-4.M2.bin", but it works fine on 7200 with "c7200-advipservicesk9-mz.151-4.M.bin". and my old router 28/18 with 12.4 ios work fine as well.
The symptom is:
BMP-2921-R01#ssh -l jason 1.1.1.1
% Connections to that host not permitted from this terminal
any idea? please help me out
thanks
11-30-2011 12:24 AM
Hi,
can you telnet this host from this device ?
Regards.
Alain
11-30-2011 01:32 AM
Telnet works fine.
The problem is on the router itself not on the remote site, even i try ssh to a dummy ip , the router desn't ever check its routing table and immediate tell me not permitted.
11-30-2011 02:05 AM
Hi,
Can you post your sanitized config.
Have you tried debugging ?
Regards.
Alain
11-30-2011 02:09 AM
Hi:
Configuration:
ip domain name xxx.com.sg
ip ssh time-out 30
ip ssh authentication-retries 2
access-list 10 remark "SSH Access Restriction"
access-list 10 permit 123.49.101.6
access-list 10 permit 10.168.2.213
access-list 10 permit 10.168.4.219
access-list 10 permit 10.168.4.217
line vty 0 4
session-timeout 15
access-class 10 in
exec-timeout 5 0
privilege level 15
logging synchronous
transport input telnet ssh
transport output all
line vty 5 15
no exec
transport input none
!
12-05-2011 01:04 PM
Jason
Can you post the output of show ip ssh from the router?
HTH
Rick
01-18-2012 05:39 AM
Hi,
Did you get this solved? I have the same symptoms.
Thanks
01-23-2012 06:56 AM
Upgraded the 2901 to 15.1(4)M3 => solved
01-23-2012 11:20 AM
Thank you for posting back to the thread and telling us that a code upgrade fixed the problem. This is helpful to know.
HTH
Rick
01-30-2012 03:00 PM
I can confirm this behavior.
I could not SSH out from my Cisco 2901 running c2900-universalk9-mz.SPA.151-4.M2.bin
Upgrading to c2900-universalk9-mz.SPA.151-4.M3.bin fixed the issue.
No configuration chages were made.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide