My ASA 5505 stops accepting SSH connections after a few days

thomasdzubin
Level 1

I have an ASA 5505 running v8.03 firmware that after a few days of uptime stops accepting SSH connections.

My SSH setup is pretty simple, just:

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 60

I get the following messages in my syslog when SSH stops working:

(yyy.y.yyy.y is my SSH client's IP, xxx.xxx.xxx.xx is the ASA firewall IP)

02-29 09:05:22 Local4.Info xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-6-302013: Built inbound TCP connection 495222 for outside:yyy.y.yyy.y/56782 (yyy.y.yyy.y/56782) to NP Identity Ifc:xxx.xxx.xxx.xx/22 (xxx.xxx.xxx.xx/22)

2008-02-29 09:05:22 Local4.Notice xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'

2008-02-29 09:05:22 Local4.Info xxx.xxx.xxx.xx Feb 29 2008 09:08:30: %ASA-6-302014: Teardown TCP connection 495222 for outside:yyy.y.yyy.y/56782 to NP Identity Ifc:xxx.xxx.xxx.xx/22 duration 0:00:00 bytes 0 TCP FINs

Anyone have any ideas on what causes this and how to fix? (I've been rebooting the ASA to fix it which seems drastic)

I don't have any problems on any of my other ASA boxes, but they are running 8.02...so maybe this is something specific to 8.03?

(or maybe the box is under a DoS SSH attack which is using up all the SSH process resources?)

1 Accepted Solution

jason.henderson
Level 1

It's a bug in the v8.03 software - Cisco Bug Toolkit recommends a downgrade to 7.x

Thanks... here are the details in case anyone else runs into it:

CSCsm68097 Bug Details

ASA 8.0.x - SSH resource exhausted preventing further sessions

Symptom:

Under a rare occurrence, SSH sessions for management access can become locked preventing further SSH connections to be established to the ASA.

Conditions:

ASA 8.0(2), 8.0(3)

SSH enabled

Workaround:

A reload will clear the hanged SSH sessions.

-other types of connections still function (telnet,console)

-downgrade to 7.x code
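
Added example, not part of the original thread: a small Python parser for the three syslog messages quoted in the first post (302013, 321001, 302014) that counts how often the 'ssh' resource limit is hit and which client addresses had SSH sessions to the firewall torn down with zero bytes, so the condition can be alerted on before a reload is needed. The sample lines are constructed with documentation addresses, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the messages quoted in the thread
# (documentation addresses, not real hosts).
SAMPLE = """\
Feb 29 2008 08:50:11: %ASA-6-302013: Built inbound TCP connection 495100 for outside:203.0.113.9/40112 (203.0.113.9/40112) to NP Identity Ifc:192.0.2.1/22 (192.0.2.1/22)
Feb 29 2008 08:56:36: %ASA-6-302014: Teardown TCP connection 495100 for outside:203.0.113.9/40112 to NP Identity Ifc:192.0.2.1/22 duration 0:06:25 bytes 4312 TCP FINs
Feb 29 2008 09:08:30: %ASA-6-302013: Built inbound TCP connection 495222 for outside:198.51.100.7/56782 (198.51.100.7/56782) to NP Identity Ifc:192.0.2.1/22 (192.0.2.1/22)
Feb 29 2008 09:08:30: %ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'
Feb 29 2008 09:08:30: %ASA-6-302014: Teardown TCP connection 495222 for outside:198.51.100.7/56782 to NP Identity Ifc:192.0.2.1/22 duration 0:00:00 bytes 0 TCP FINs
Feb 29 2008 09:10:02: %ASA-6-302013: Built inbound TCP connection 495301 for outside:198.51.100.7/56790 (198.51.100.7/56790) to NP Identity Ifc:192.0.2.1/22 (192.0.2.1/22)
Feb 29 2008 09:10:02: %ASA-5-321001: Resource 'ssh' limit of 5 reached for context 'single_vf'
Feb 29 2008 09:10:02: %ASA-6-302014: Teardown TCP connection 495301 for outside:198.51.100.7/56790 to NP Identity Ifc:192.0.2.1/22 duration 0:00:00 bytes 0 TCP FINs
"""

# Only connections terminating on the firewall itself ("NP Identity Ifc"), port 22.
BUILT = re.compile(r"%ASA-6-302013: Built inbound TCP connection (\d+) for "
                   r"\S+?:([\d.]+)/\d+ .*?to NP Identity Ifc:[\d.]+/22\b")
LIMIT = re.compile(r"%ASA-5-321001: Resource 'ssh' limit of (\d+) reached")
TEARDOWN = re.compile(r"%ASA-6-302014: Teardown TCP connection (\d+) .* bytes (\d+)")


def summarize(lines):
    """Count 'ssh' limit hits and, per client, SSH sessions closed with 0 bytes."""
    pending = {}          # connection id -> client IP for SSH-to-the-box sessions
    refused = Counter()   # client IP -> sessions torn down without any payload
    limit, limit_hits = None, 0
    for line in lines:
        if m := BUILT.search(line):
            pending[m.group(1)] = m.group(2)
        elif m := LIMIT.search(line):
            limit, limit_hits = int(m.group(1)), limit_hits + 1
        elif m := TEARDOWN.search(line):
            client = pending.pop(m.group(1), None)
            if client is not None and m.group(2) == "0":
                refused[client] += 1
    return {"limit": limit, "limit_hits": limit_hits, "refused": dict(refused)}


if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Comparing the `refused` addresses against the known management clients gives a first data point on the question raised in the original post, whether the slots are held by stuck sessions or by unexpected sources.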
