Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Getting SSH error 'connection refused'

Hello,

I need some help on this issue. On some routers and switches I am getting connection refused when trying to SSH to them. Telnet works fine ofcourse. I am  thinking it maybe the 'crypto key generate rsa' command is missing? But some of the routers that are having the issue have that command issued.  Here is the configuration (I removed encrypted passwords)  What could it be?


ALAM-RTR1-2811#show run
Building configuration...

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALAM-RTR1-2811
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging console
enable secret 5
!
aaa new-model
!
!
aaa authentication login default group radius local-case
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
!
resource policy
!
memory-size iomem 10
clock timezone MDT -7
clock summer-time mdt recurring
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
ip domain name parametrix.com
ip ssh rsa keypair-name ALAM-RTR1-2811
ip ssh version 2
!
modemcap entry usrmodem1:MSC=&FS0=1&C1&D3&H1&R2&B1
!
!
username routeradmin secret 5
!
!
!
interface Loopback1
ip address 172.30.127.254 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface FastEthernet0/0
description Uplink to Quest MPLS
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.705
description Quest qmoe
encapsulation dot1Q 705
ip address 192.168.252.65 255.255.255.192
no snmp trap link-status
!
interface FastEthernet0/0.706
description Quest MPLS
encapsulation dot1Q 706
ip address X.x.X.x 255.255.255.252
no snmp trap link-status
!
interface FastEthernet0/1
description Uplink to internal network
ip address 172.30.0.1 255.255.252.0
duplex full
speed 100
!
ip classless
ip route 0.0.0.0 0.0.0.0 63.234.101.209
ip route x.x.x.x 255.255.255.252 x.x.x.x.
ip route 172.21.0.0 255.255.128.0 192.168.252.66
ip route 172.22.0.0 255.255.128.0 x.x.x.x.x
ip route 172.30.0.0 255.255.128.0 172.30.0.30
!
ip http server
no ip http secure-server
!
snmp-server community XXXXXX RW 1
snmp-server community XXXXXX RO 1
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps envmon
snmp-server enable traps config
radius-server host 172.24.10.44 auth-port xxxx acct-port xxxx key 7
!
control-plane
!
banner exec ^CCC
Welcome to the Parametrix Albuquerque Router
^C
banner login ^CCC Welcome to the Albuquerque Router .  Please login.
^C
banner motd ^CCC
        >>>>>>>>>> WARNING <<<<<<<<<<
Unauthorized access to this system is a violation of the Federal Electronics
Communications Privacy  Act of 1986, and may result in fines of $250,000
and/or imprisonment (Title 18, USC).
^C
!
line con 0
exec-timeout 30 0
password 7 XXXXXXXXXXXXX
logging synchronous
line aux 0
password 7 XXXXXXXXXXXXX
logging synchronous
modem InOut
modem autoconfigure type usrmodem1
transport input all
autoselect during-login
autoselect ppp
flowcontrol hardware
line vty 0 4
exec-timeout 30 0
password 7 XXXXXXXXXXXXXXX
transport input telnet ssh
transport output all
!
scheduler allocate 20000 1000
ntp clock-period 17180099
ntp master 2
ntp server 140.142.16.34
!
end

7 REPLIES
VIP Super Bronze

Getting SSH error 'connection refused'

Hi,

What is the IOS name and version for the devices that are not working?

Can you post "sh ver | inc bin"?

New Member

Getting SSH error 'connection refused'

it is:

System image file is "flash:c2800nm-ipbasek9-mz.124-3g.bin"

VIP Super Bronze

Getting SSH error 'connection refused'

The image looks good.

1-Did you create the crypto key?

2-If yes, can you replace

transport input telnet ssh

with

transport input all

and test again?

here is a link on how to generate the key

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Make sure you have console access to the router before making any changes for line vty 0 4

HTH

New Member

Getting SSH error 'connection refused'

Ok thanks. I will try your suggestion and let you know how it goes.

Hall of Fame Super Gold

Getting SSH error 'connection refused'

no ip http secure-server

One of the reason is this.  And where's your crypto?

ntp master 2

Get rid of this line.

New Member

Getting SSH error 'connection refused'

isn't the no ip http secure-server just disabling HTTP management? How is that related to ssh? 

Purple

Getting SSH error 'connection refused'

  Thats correct that just shuts off the secure GUI function .  Check keys, show crypto key my rsa .    You can also try zeroizing the key and recreating it .

30720
Views
0
Helpful
7
Replies