SSH stops working

Sometimes I cannot ssh to my router, a c2811 with advanced enterprise
12.4.1a, but if I restarts the router then it will work fine again.

When this problem happens, all other functions of the router seems
working fine. Workstations still be able to access the Internet, VPN
Client still be able to connect to the router ... only I can not ssh to
the router.

Any idea where I can look at ?

Thanks,

DT

 

Hi DT,

You may wish to investigate the Cisco Feature Navigator:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

As well as Cisco's Configuring Secure Shell on Routers and Switches
Running Cisco IOS

http://www.cisco.com/warp/public/707/ssh.shtml

Sincerely,

Brad Reese
BradReese.Com Cisco Repair Service Experts
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.bradreese.com/cisco-big-iron-repair.htm

 

Which kind of problem (connection timeout, connection refused or simply the client exits without any error messages)
Have you perhaps changed RSA keys? After having changed them it will never accept new connections.
It happened to me with 12.4.1

HTH Alex.

 

Hi Brad, thanks for your reply. Yes I did use those URL when I set up
SSH on my router. I may have to read it again.

What I do not understand is after I restart the router, it works fine
again.

DT

 

Hi Alex, thanks for your reply.
I get the error "Connection refused.". No I do not change the key.
Currently my temporary fix is to restart the router ( if it happens
during the weekend ) or to use my Linux box with the serial cable to
the console.

DT

 

Since you're on the console you could do some debug to find out what's
going on.

 

Hi Polio, thanks for your reply.

Yes, that's what I am waiting for at this time because it only
happens sometimes, and while waiting for it to happen again, I would
like to know if anybody experiences it.

DT

 

I used to see this happen when the router runs out of memory.

 

While it happens please have a look to the number of connections opened by the router for NAT ("sh ip nat tra") in case use

ip nat translation max-entries <# of translations>


Alex.

 

it seems to be a ARP issue. if it occurs again just clear the ARP on
your oruter and your ISP router. See if it works. After that.
Rebooting the router clears all the tables that is the only diference.
so may be you could clear the nat table as well.

 

Barry, Alex, Rave,

Thanks for your reply. It makes sense to check what you suggested (
more memory, NAT table is full, or ARP table is corrupted ).

This problem does not always happen . To be safe than sorry, I just
ordered a 512Mb to put in the router which is in production right now.

I have another same router in development. I am going to use some Linux
boxes, each for simulating one internal network, they will run the
script to change their ip, mac address, to issue some ftp/web access. I
hope this will help finding out the culprit.

Thanks again,

DT

 

Have you thought about this to be some kind of software bug? I mean, it
looks like random unsolicited behaviour whenever it happens. May be its a
bug. I think, may be you should try another release (e.g. 12.4.2T).

Extra information:

12.4.1a is a limited deployment IOS, while 12.4.2T is early deployment:

"Early Deployment (ED) ---
Software releases that provide new features and new platform support
*** in addition to bug fixes. ***"

"Limited Deployment (LD) ---
A Major Release of Cisco IOS software is said to be in the "Limited
Deployment" phase of its lifecycle during the period between initial FCS and
the General Deployment (GD) milestones."

 

This problem just happened again. And I just found out that I set the
vtys only from 0 to 4, and I used all of them.

After extending this number, I am able to ssh to the router again.


DT

 

Similar issue, SSH fails, telnet works

Hi all,

I have a weird behavior on my Cisco router here. I had to restart it for password recovery. Post restart, the config was restored from backup and since then SSH to router comes back with "Connection refused". I can telnet however.

I have several VTY lines, all with preferred transport mode as SSH:
line vty 0 4
exec-timeout 9 20
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 9 20
transport preferred ssh
transport input telnet ssh
line vty 16
exec-timeout 9 20
password 7 0945401A0D041B1E
transport preferred ssh
transport input telnet ssh
!

I have identical config on several other branch routers (2800) and it works fine. OS version is Version 15.1(4)M2