
Quirky one: Logging in

Hi all,

I'm not sure what's missing here. I moved a FW over the weekend and now only have console access. It's a 5520 running 8.0(3). From the config I have the usual:

ssh scopy enable

ssh 10.x.0.0 255.255.0.0 Axx

ssh timeout 10

ssh version 2

telnet 10.x.0.0 255.255.0.0 Axx

telnet timeout 120

management-access Axx

- I've zeroized and regenerated the rsa key.

- The Axx int is up and up and I can ping it from the 10.x.0.0 network. Axx is also the inside interface security-100. Management0/0 is in shutdown.

The following logs are generated when telneting and ssh respectively (same except for d-port):

17:03:03: %ASA-6-302013: Built inbound TCP connection 8100 for ASG:10.x.14.14/1898 (10.x.14.14/1898) to NP Identity Ifc:10.x.109.10/23 (10.x.109.10/23)

17:03:03: %ASA-6-302014: Teardown TCP connection 8100 for ASG:10.x.14.14/1898 to NP Identity Ifc:10.x.109.10/23 duration 0:00:00 bytes 0 TCP Reset-I

17:19:41: %ASA-6-302013: Built inbound TCP connection 8270 for ASG:10.x.0.60/33251 (10.x.0.60/33251) to NP Identity Ifc:10.x.109.10/22 (10.x.109.10/22)

17:19:41: %ASA-6-302014: Teardown TCP connection 8270 for ASG:10.x.0.60/33251 to NP Identity Ifc:10.x.109.10/22 duration 0:00:00 bytes 0 TCP Reset-I

From PuTTY I just get "Network error: Software caused connection abort". From OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 I get a "ssh_exchange_identification: read: Connection reset by peer" and back to bash prompt.

Both these clients worked fine on this FW before the power-down and move and still work on all other ASAs and PIXs and ... Very little luck finding anything on Web.

Any help much appreciated

- Mike


Re: Quirky one: Logging in

Have you enabled 'debug ssh' yet?

Lots of useful data printed back to screen when attempting login that may help you :)


Re: Quirky one: Logging in

Hi Handsy

I did do a debug before your reply and I got:

SSH2 0: waiting for SSH2_MSG_NEWKEYSSSH0: TCP read failed, error code = 0x86300003 "TCP connection closed"

SSH0: receive SSH message: [no message ID: variable *data is NULL]

SSH2 0: Unexpected mesg type receivedSSH0: Session disconnected by SSH server - error 0x00 "Internal error"

... but as it's a/hrs here I thought "stuff it" and rebooted. It is not the first time it has gone down since the weekend tho. Then when I tried my trusty Linux SSH I was again denied but this time with the good looking "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!".

I deleted the key in known_hosts and now I am back in. But I don't understand it as telnet would not work either, now it does of course.

I hate 'fixing' things with a reboot ... it's so, like, microsoft :)

Cheers anyways,

Mike


Re: Quirky one: Logging in

haha, how very annoying :)

glad you got it fixed though
