The software version is A3(2.3). The reason I want to clear those 4 SSH sessions is because the ACE is suffering a D.O.S attack affecting only the SSH administration to the device. I investigated the IP addresses of the remote hosts that are using all 4 available SSH lines, and they are present in an SSH BLACK LIST from the Internet.
I also tested the "clear ssh session-id" command in another ACE with the same software version in my lab, and when I try to reproduce the scenario (taking all the 4 default available lines for SSH, but I guess it's not the same as the D.O.S attack the production ACE is suffering), so once all 4 SSH lines are busy, I connect from telnet and doing that clear command I can successfully clear/kill all the 4 SSH sessions. So according to the observed results, the "clear ssh" command works fine in my lab, but in the production ACE it does not. Could it be because the D.O.S attack (that I can't reproduce in my lab) is also avoiding the clear action of that command?
Strange indeed. It doesn't seem to me that even a DoS attack should prevent you from clearing an SSH session. You might want to open a case with Cisco TAC at this point for further investigation as you may have found a new bug.
As a work-around, you may need to fail over to the standby ACE, so that you can reboot this one to clear the sessions. However, after performing any measures to clear the SSH sessions, I would recommend restricting management access to your ACE to trusted networks only. Allowing management connectivity to the ACE from the Internet was probably not the intention. You can secure it by modifying your management class-map to something like this:
class-map type management match-any REMOTE_ACCESS
  2 match protocol telnet 172.16.2.0 255.255.255.0
  4 match protocol ssh 172.16.2.0 255.255.255.0
  6 match protocol icmp any
  5 match protocol xml-https 172.16.2.0 255.255.255.0
  8 match protocol https 172.16.2.0 255.255.255.0
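To check a saved configuration for the exposure described in the reply above, here is an added example (not part of the original thread and not Cisco tooling). It parses `class-map type management` blocks and reports administrative protocols that are matched from `any` or from a network outside a trusted list. The sample config, the function name and the trusted list are constructed for illustration, and the parser accepts match lines with or without a `source-address` keyword.

```python
import ipaddress
import re

# Constructed sample config (not from a real device).
SAMPLE_CONFIG = """\
class-map type management match-any REMOTE_ACCESS
  2 match protocol telnet 172.16.2.0 255.255.255.0
  4 match protocol ssh any
  6 match protocol icmp any
  8 match protocol https source-address 10.9.9.0 255.255.255.0
class-map match-all WEB_VIP
  2 match virtual-address 192.0.2.10 tcp eq www
"""

# Protocols that give administrative access; icmp is deliberately not audited.
ADMIN_PROTOCOLS = {"ssh", "telnet", "http", "https", "xml-https", "snmp"}
HEADER_RE = re.compile(r"class-map\s+type\s+management\s+\S+\s+(\S+)")
MATCH_RE = re.compile(
    r"^\s*(\d+)\s+match\s+protocol\s+(\S+)\s+"
    r"(?:any|(?:source-address\s+)?(\S+)\s+(\S+))\s*$")


def audit_management_classmaps(config, trusted_networks):
    """Return (class_map, seq, protocol, source) for every admin protocol
    matched from 'any' or from a source outside trusted_networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    findings, current = [], None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):
            # Top-level line: track only management class-maps.
            header = HEADER_RE.match(line)
            current = header.group(1) if header else None
            continue
        entry = MATCH_RE.match(line)
        if current is None or not entry or entry.group(2) not in ADMIN_PROTOCOLS:
            continue
        seq, proto, addr, mask = entry.groups()
        if addr is None:  # "any": reachable from every source address
            findings.append((current, int(seq), proto, "any"))
            continue
        source = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if not any(source.subnet_of(t) for t in trusted):
            findings.append((current, int(seq), proto, str(source)))
    return findings


if __name__ == "__main__":
    for finding in audit_management_classmaps(SAMPLE_CONFIG, ["172.16.2.0/24"]):
        print("untrusted management source:", finding)
```
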