[c-nsp] ASA SSH problem

Bagosi Rómeó Romeo.Bagosi at integris.hu
Mon Jul 30 09:45:13 EDT 2007 

Hello Experts!

I have a problem connecting to ASA with SSH to the outside interface.
My SSH worked, but I've reloaded the ASA (with saved configuration), and now it doesn't works.
I want to connect from a Linux Server.

The SSH configuration is:
aaa authentication ssh console LOCAL
username admin password xxxxxx privilege 15
ssh *.*.6.1 255.255.255.255 outside
ssh timeout 5

I have public keys generated (using this device for VPN).

The debug ssh says:

%Device ssh opened successfully.
SSH0: SSH client: IP = '*.*.6.1'  interfaceS # = 1
SSH: host key initialAised
SSH0: starting SSH cont-rol process
SSH0: 6Exchanging versions - SSH-1.9-9-Cisco-1.25
SSH0: send SSH message:3 outdata is NU0LL 2

se0rver version s1tring:SSH-1.99-Cisco-1.253: Built inbound TCP connection 59 for outside:*.*.6.1/40706 (*.*.6.1/40706) to NP Identity Ifc:*.*.6.2/22 (*.*.6.2/22)

%ASA-7-710002: TCP access permitted from *.*.6.1/40706 to outside:*.*.6.2/ssh

SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-2.0-OpenSSH_3.4p1

client version string:SSH-2.0-OpenSSH_3.4p1SSH0: begin server key generation
SSH0: complete server key generation, elapsed time = 770 ms

SSH2 0: SSH2_MSG_KEXINIT sent%ASA-7-710005: TCP request discarded from *.*.6.1/40706 to outside:*.*.6.2/22

%ASA-7-710005: TCP request discarded from *.*.6.1/40706 to outside:*.*.6.2/22

%ASA-6-302014: Teardown TCP connection 54 for outside:*.*.6.1/58911 to NP Identity Ifc:*.*.6.2/22 duration 0:10:25 bytes 1438 FIN Timeout

%ASA-6-302014: Teardown TCP connection 56 for outside:*.*.6.1/33068 to NP Identity Ifc:*.*.6.2/22 duration 0:08:07 bytes 2490 Connection timeout

%SSH0: Session disconneActed by SSH server - error 0x3c "Time-out activated"
SSH0: receive SSH message: [no message ID: variable *data is NULL]
SA-6-315011: SSH session from *.*.6.1 on interface outside for user "" disconnected by SSH server, reason: "Time-out activated" (0x3c) 
  

Now the SSH Server disconnected because of "Time-out activated", but several times disconnects with "Internal Error".

What can be the problem?


Thanks,
Romeo Bagosi

More information about the cisco-nsp mailing list