[c-nsp] Cisco 6509-E SSH and Telnet not allowing connections

Lee Starnes lee.t.starnes at gmail.com
Sat Feb 27 17:38:21 EST 2021 

Hi Lukas,

Thanks for the reply. So sh users list none. sh line list all 16.

#sh line sum
        0: U--- ???? ???? ???? ?


   1 character mode users.           (U)
  13 lines never used                (?)
   1 total lines in use,    0 not authenticated (lowercase)

Tried to remove the vty config and add them back. No joy.

Best,

-Lee

On Sat, Feb 27, 2021 at 12:58 PM Lukas Tribus <lukas at ltri.eu> wrote:

> Hello,
>
>
> On Sat, 27 Feb 2021 at 20:03, Lee Starnes <lee.t.starnes at gmail.com> wrote:
> >
> > Hello all,
> >
> > Ran into an issue that I can't seem to resolve and really don't want to
> > reboot the chassis. Have 1 of our 6509-e units that has decided it is not
> > going to allow connections to it via ssh or telnet. I can get access via
> > console. When trying to connect, you do not get connection refused. You
> > just hang for several seconds before getting a connection timed out
> > message.
> >
> > On the switch, I show no connection attempts.
> >
> > A check to see if the ssh server is running and have any connections
> shows
> > normal.
> > #sh ip ssh
> > SSH Enabled - version 1.99
> > Authentication timeout: 120 secs; Authentication retries: 3
> > #sh ssh
> > %No SSHv1 server connections running.
> > %No SSHv2 server connections running.
> >
> > Doing debugs, I see nothing show up for connection attempts. Also if I
> > attempt to connect to itself from itself it also just hangs before
> getting
> > a connection timed out message. I would expect the normal response of
> > connection refused when trying to connect to itself.
> >
> > There is an ACL in place on the VTY lines and even removing that, still
> > gets the same results. I have removed the input transport on the vty
> lines
> > and then read added them.
> >
> > Is there anything else I can try before having to reboot/switch to the
> > standby SUP?
> >
> > This was all working normally until sometime around 4am. and nothing was
> > logged before or after the issue started other than my login via console
> > and various changes/commands issued in an attempt to debug/resolve this
> > issue.
>
> show users
> show line
> show line summary
> show tcp brief | inc \.23 |\.22 ||Foreign
>
> How many VTY lines are actually configured?
>
> I'm thinking about hung VTY sessions. Use "clear line ..." and "clear
> tcp tcb ..." to kill orphan sessions and TCP connections. You can also
> try raising the number of VTY lines.
>
>
>
> > There is an ACL in place on the VTY lines and even removing that, still
> > gets the same results. I have removed the input transport on the vty
> lines
> > and then read added them.
>
> Instead of removing and adding "input transport" again, try removing
> the line vty section (in its entirety), and reconfigure it from
> scratch.
>
>
>
> Lukas
>

More information about the cisco-nsp mailing list