[c-nsp] SSH failing on multiple context ASA

Pete Lumbis alumbis at gmail.com
Wed Nov 10 12:05:23 EST 2010


Are the SSH sessions getting hung? What do you see in "show resource
usage all"? Does it look like all of the SSH sessions are being used
(even if they aren't actively in use)?

-Pete

On Tue, Nov 9, 2010 at 2:23 PM, Ryan West <rwest at zyedge.com> wrote:
>
>
>>> On Tue, 2010-11-09 at 13:35 +0000, Matthew Melbourne wrote:
>>>> We're using a pair of ASA5550s in a hosting environment to provide
>>>> contexts to end-users. The ASAs are running 8.2(3)5 and it would
>>>> appear that SSH periodically fails on some contexts. The temporary
>>>> fix is to issue "no ssh <network> <mask> <interface>" then "ssh
>>>> <network> <mask> <interface>" and SSH access comes back. In a failure
>>>> scenario, port 22 still appears to be open.
>>>
>>> Out of curiosity: How does it fail? Does it send you an SSH banner (e.g.
>>> "SSH-1.99-Cisco-1.25") if you connect to port 22? Or is it stuck after
>>> open, never sending a banner?
>>>
>>> We're not using 8.x yet, and I haven't seen the symptom on 7.2.
>>
>>I have never seen it with 8.2(2) on many models (more than 30). As soon as I put 8.2(3) on an ASA5505, it happened within 48 hrs on the 1 unit. The only way to get back in was a reset.
>>
>>You can telnet to port 22 and see the port connected, but no banner is issued.
>
> Seeing the same on an 8.2(3) pair that started after the upgrade as well. Strange thing is I could fail between the two and SSH to the secondary with no issues. Using the CLI in ASDM to remove and re-add the affected line fixed it. Seemed to be an IP-specific SSH block. Has anyone checked out 'show asp drop' when it's happening to see if the block is reported there? Thanks to the OP for the workaround.
>
> -ryan
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
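
A monitoring probe for the symptom discussed in this thread (port 22 accepts the TCP connection but no SSH banner is sent), as an added example that is not part of the original messages. The function names and the local test listener are constructed for illustration; the banner string is the one quoted above.

```python
import socket
import threading

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (state, banner): 'unreachable', 'no-banner' (TCP opens but no
    SSH identification line arrives, as reported in the thread) or 'banner'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, filtered or timed out
        return ("unreachable", None)
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # The identification string is one line of at most 255 bytes.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:            # peer closed without finishing a line
                    break
                data += chunk
        except OSError:                  # includes the read timeout
            pass
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("no-banner", line or None)

def demo_listener(banner, hold=3.0):
    """Constructed stand-in for a device: accepts one connection on 127.0.0.1,
    sends `banner`, or stays silent for `hold` seconds if banner is None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner is None:
            threading.Event().wait(hold)  # connected, but nothing is sent
        else:
            conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    healthy = demo_listener(b"SSH-1.99-Cisco-1.25\r\n")
    hung = demo_listener(None)
    print(probe_ssh_banner("127.0.0.1", healthy, timeout=1.0))
    print(probe_ssh_banner("127.0.0.1", hung, timeout=1.0))
```

Run against each context's management address from a permitted source, a 'no-banner' result separates the hang described here from an ordinary reachability failure.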


