[c-nsp] SSH failing on multiple context ASA

C. Jon Larsen jlarsen at richweb.com
Tue Nov 9 12:05:52 EST 2010


On Tue, 9 Nov 2010, Peter Rathlev wrote:

> On Tue, 2010-11-09 at 13:35 +0000, Matthew Melbourne wrote:
>> We're using a pairs of ASA5550s in a hosting environment to provide
>> contexts to end-users. The ASAs are running 8.2(3)5 and it would
>> appear that SSH periodically fails on some contexts. The temporary fix
>> is to issue "no ssh <network> <mask> <interface>" then "ssh <network>
>> <mask> <interface>" and SSH access comes back. In a failure scenario,
>> port 22 still appears to be open.
>
> Out of curiosity: How does it fail? Does it send you an SSH banner (e.g.
> "SSH-1.99-Cisco-1.25") if you connect to port 22? Or is it stuck after
> open, never sending a banner?
>
> We're not using 8.x yet, and I haven't seen the symptom on 7.2.

I have never seen it with 8.2(2) on many models (more than 30). As soon as I
put 8.2(3) on an ASA5505, it happened within 48 hrs on the 1 unit. The only way
to get back in was a reset.

You can telnet to port 22 and see the port connected, but no banner is 
issued.
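
The symptom described in this thread (port 22 accepts the TCP connection but no SSH identification string follows) can be told apart from a closed or filtered port by a monitoring probe. The Python below is an added example, not part of the original posts; the function names, the timeout and the 192.0.2.10 placeholder address are assumptions made for illustration.

```python
import socket


def _banner_line(data):
    """Return the first complete line starting with 'SSH-', or None."""
    # RFC 4253 lets a server send other lines before its identification
    # string, so scan every complete line, not only the first.
    for raw in data.split(b"\n")[:-1]:
        if raw.startswith(b"SSH-"):
            return raw.strip().decode("ascii", "replace")
    return None


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Classify an SSH listener as 'banner', 'no-banner' or 'unreachable'.

    'no-banner' is the failure discussed in the thread: the handshake
    completes, yet the device never sends its identification string.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered, or no route
        return ("unreachable", str(exc))
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            while len(data) < 4096 and _banner_line(data) is None:
                chunk = sock.recv(1024)
                if not chunk:  # peer closed without identifying itself
                    break
                data += chunk
        except OSError:  # read timeout or reset: treated as no banner
            pass
    line = _banner_line(data)
    if line is not None:
        return ("banner", line)
    return ("no-banner", "connected, %d bytes received, no SSH- line" % len(data))


if __name__ == "__main__":
    # 192.0.2.10 is a documentation-range placeholder, not a real device.
    print(probe_ssh_banner("192.0.2.10", 22, timeout=3.0))
```

A "no-banner" result from a context that normally answers is the state to alert on, since a plain TCP port check still reports the port as open.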

