[c-nsp] ASA SSH problem
Church, Charles
cchurch at multimax.com
Tue Jul 31 08:29:48 EDT 2007
5 seconds seems pretty short for a timeout. Have you tried a different SSH client? What encryption protocol is being used? I use PuTTY all the time with an ASA, never seen this. What ASA version is it? Have you looked for bugs involving SSH?
Chuck
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bagosi Rómeó
Sent: Tuesday, July 31, 2007 2:35 AM
To: Voll, Scott
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA SSH problem
Hi!
1. I saved the RSA keys before the reload. And after the reload I've regenerated and deleted the keys, but that didn't help.
2. I have the ssh x.x.x.x y.y.y.y outside command.
-----Original Message-----
From: Voll, Scott [mailto:Scott.Voll at wesd.org]
Sent: Monday, July 30, 2007 4:44 PM
To: Bagosi Rómeó
Subject: RE: [c-nsp] ASA SSH problem
Two guesses.
1. your RSA key didn't get saved or
2. you don't have SSH allowed from that outside IP address, i.e. ssh x.x.x.x y.y.y.y outside.
Just my first thoughts.
Scott
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bagosi Rómeó
Sent: Monday, July 30, 2007 6:45 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA SSH problem
Hello Experts!
I have a problem connecting to ASA with SSH to the outside interface.
My SSH worked, but I've reloaded the ASA (with saved configuration), and now it doesn't work.
I want to connect from a Linux Server.
The SSH configuration is:
aaa authentication ssh console LOCAL
username admin password xxxxxx privilege 15
ssh *.*.6.1 255.255.255.255 outside
ssh timeout 5
I have public keys generated (using this device for VPN).
The debug ssh says:
%Device ssh opened successfully.
SSH0: SSH client: IP = '*.*.6.1' interfaceS # = 1
SSH: host key initialAised
SSH0: starting SSH cont-rol process
SSH0: 6Exchanging versions - SSH-1.9-9-Cisco-1.25
SSH0: send SSH message:3 outdata is NU0LL 2
se0rver version s1tring:SSH-1.99-Cisco-1.253: Built inbound TCP connection 59 for outside:*.*.6.1/40706 (*.*.6.1/40706) to NP Identity Ifc:*.*.6.2/22 (*.*.6.2/22)
%ASA-7-710002: TCP access permitted from *.*.6.1/40706 to outside:*.*.6.2/ssh
SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-2.0-OpenSSH_3.4p1
client version string:SSH-2.0-OpenSSH_3.4p1SSH0: begin server key generation
SSH0: complete server key generation, elapsed time = 770 ms
SSH2 0: SSH2_MSG_KEXINIT sent%ASA-7-710005: TCP request discarded from *.*.6.1/40706 to outside:*.*.6.2/22
%ASA-7-710005: TCP request discarded from *.*.6.1/40706 to outside:*.*.6.2/22
%ASA-6-302014: Teardown TCP connection 54 for outside:*.*.6.1/58911 to NP Identity Ifc:*.*.6.2/22 duration 0:10:25 bytes 1438 FIN Timeout
%ASA-6-302014: Teardown TCP connection 56 for outside:*.*.6.1/33068 to NP Identity Ifc:*.*.6.2/22 duration 0:08:07 bytes 2490 Connection timeout
%SSH0: Session disconneActed by SSH server - error 0x3c "Time-out activated"
SSH0: receive SSH message: [no message ID: variable *data is NULL]
SA-6-315011: SSH session from *.*.6.1 on interface outside for user "" disconnected by SSH server, reason: "Time-out activated" (0x3c)
Now the SSH server disconnected because of "Time-out activated", but several times it disconnects with "Internal Error".
What can be the problem?
Thanks,
Romeo Bagosi
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/