I have a problem with SSH connection.
I have a network, which can be pinged and connected by SSH from my laptop.
And some other machines (in my subnet) can ping this range of network, but can't connect by SSH.
No access list restrictions. No closed ports from server side.
And one thing...
I've checked by Wireshark, and see that, when these machines try to connect by SSH, there is no request out of their Ethernet interface. Ping is ok, again.
But they can connect by SSH to other machines, from other subnets.
Which information do you need to investigate and help with this problem?
"I've checked by Wireshark, and see that, when these machines try to connect by SSH, there is no request out of their Ethernet interface." << Does this machine have a firewall or ACL enabled?
If the original poster is able to SSH to the device from his laptop then this demonstrates that SSH is enabled and seems correctly configured (which rules out one of the most common problems).
If other devices are able to ping then it seems to demonstrate IP connectivity and correct routing (which rules out another of the common problems).
I wonder if the problem might involve versions of SSH and what is configured on the device. If the device specifies version 2 (for example) and the original poster is specifying version 2 but the other devices are using version 1 then it would cause these symptoms.
It would be helpful if the original poster would provide the output of show ip ssh and the configuration of the vty ports. It would be even more helpful if the original poster would provide the complete configuration of the device (with sensitive data masked out).
Thanks for your replies,
We found the cause of the problem.
We think the problem is an OSPF - HSRP - asymmetric routing problem.
Here is the topology:
We tested SSH from two different hosts. UserA can SSH, UserB can't. Here is the tracert output from these two hosts.
As you can see from the output image, there are two equal-cost routes from switch SW and it load-balanced the traffic.
What solution do you offer to automatically resolve this issue?
I don't think there is a network reachability issue. Do you have a switch between the destination server on VLAN 165? Share the following output with me:
show spanning-tree vlan 165 from both sw1 and sw2
show ip arp | in 192.168.165.100
show mac address-table | in 192.168.165.100
To simulate, bring down the link connecting to SW2, ensure there is only one link to sw-vlan30-sw1-vlan165, and check the SSH connectivity from both users. Similarly, perform the reverse by shutting down the link connecting to sw1.
Yes, there is no network reachability issue. Let's explain the issue a little bit.
As you see from users.jpg, traffic from UserA goes through SW1, which is active for HSRP group165. That's why traffic for both directions flows through SW1.
But from UserB traffic goes through SW2 and then return traffic goes through SW1.
Because switch SW load balances traffic -
SW#sh ip cef exact-route 192.168.41.210 192.168.165.100
10.10.41.210 -> 192.168.165.100 => IP adj out of Vlan30, addr 192.168.30.251
SW#sh ip cef exact-route 192.168.41.198 192.168.165.100
10.10.41.198 -> 192.168.165.100 => IP adj out of Vlan30, addr 192.168.30.249
Ping works from both sources, but SSH is not working.
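
As an added illustration (not part of the original thread and not code from any poster), this Python sketch parses the show ip cef exact-route result lines posted above, lists the next hops used per destination, and flags sources whose forward path leaves through a different router than the one carrying the return traffic. Which Vlan30 address belongs to SW1 is not stated in the thread, so the value passed as return_path_router is an assumption.

```python
import re
from collections import defaultdict

# Result lines copied from the post above (output of show ip cef exact-route).
SAMPLE = """\
10.10.41.210 -> 192.168.165.100 => IP adj out of Vlan30, addr 192.168.30.251
10.10.41.198 -> 192.168.165.100 => IP adj out of Vlan30, addr 192.168.30.249
"""

# One result line: "<src> -> <dst> => IP adj out of <interface>, addr <next hop>"
LINE = re.compile(
    r"^(?P<src>\d+(?:\.\d+){3})\s*->\s*(?P<dst>\d+(?:\.\d+){3})\s*=>\s*"
    r"IP adj out of (?P<intf>\S+?),\s*addr (?P<nh>\d+(?:\.\d+){3})$"
)

def parse_exact_route(text):
    """Return one dict per result line; prompts, echoed commands and blanks are skipped."""
    flows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            flows.append(m.groupdict())
    return flows

def next_hops_per_destination(flows):
    """Map each destination to the set of next hops chosen for it across sources."""
    by_dst = defaultdict(set)
    for f in flows:
        by_dst[f["dst"]].add(f["nh"])
    return dict(by_dst)

def asymmetric_candidates(flows, return_path_router):
    """Sources whose forward next hop is not the router that carries the return traffic."""
    return sorted(f["src"] for f in flows if f["nh"] != return_path_router)

if __name__ == "__main__":
    flows = parse_exact_route(SAMPLE)
    for dst, hops in next_hops_per_destination(flows).items():
        print(dst, "is reached via", len(hops), "next hop(s):", sorted(hops))
    # Assumption: 192.168.30.251 is the HSRP-active router (SW1) on Vlan30.
    print("asymmetric candidates:", asymmetric_candidates(flows, "192.168.30.251"))
```

A destination with more than one next hop combined with a single return-path router is the pattern described in the post: some sources get a symmetric path and others do not.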
SW1 and SW2 should have VLAN 192.168.165.X shown as connected and should not be learning this via OSPF (vlan30).
How are the SW1 and SW2 connected? L2 or L3?