Problem logging into router after SSH

whitelabcoat
Level 1

I have two 1811 routers wherein I have set up SSH. Everything went well on both. This is the first time I've decided to do SSH and/or better security. Both are not-yet-production.

I went home Friday with everything working fine. I come back in Monday and decide to log in to both. The first was fine and I got in ok. The 2nd, however, gave me a "connection refused" error from PuTTY. I kept trying and finally roll-over cabled into it. I could find nothing wrong and I got in fine via rollover.

I finally saved the config and powered-all-the-way down and then back up.  This allowed me in fine.

Question: I am concerned about doing the rest of my production routers with SSH as I've never had this problem before, and would hate to have to cold start a router in production in order to get into it.

Am I being silly or missing something?


Reza Sharifi
Hall of Fame

You usually don't need to reboot to log in via SSH. It could be a bug in the IOS that resolved it temporarily. Next time, if you have the same issue, try using a different terminal emulator like Tera Term or SecureCRT. SecureCRT is not free.

HTH

Hello

Could you post your config and also

sh ip ssh

Res
Paul


ryancisco01
Level 1

Connection refused can mean all the lines are in use. Possibly, you have only configured one VTY line, and didn't disconnect the previous session correctly. Hence it refused your new attempt.

I would do this:

line vty 0 4
 exec-timeout 20 0
 transport input ssh

This will allow 5 connections (0 through 4), and will automatically close them after 20 minutes of inactivity and will refuse any telnet attempts.
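
An added example, not part of the reply above: a small Python check that reads a saved IOS configuration and reports how many VTY lines it defines and which stanzas lack an idle timeout or accept anything other than SSH. The sample config and the function names `parse_vty` and `audit_vty` are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread), used only for illustration.
SAMPLE_CONFIG = """\
line con 0
line vty 0
 exec-timeout 0 0
 transport input telnet ssh
line vty 1 4
 exec-timeout 20 0
 transport input ssh
!
"""

def parse_vty(config):
    """Return one dict per 'line vty' stanza: range, exec-timeout, transports."""
    stanzas, cur = [], None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            cur = {"first": first, "last": last, "timeout": None, "transport": None}
            stanzas.append(cur)
        elif not raw.startswith(" "):
            cur = None  # any unindented line ends the current stanza
        elif cur is not None and raw.strip():
            words = raw.split()
            if words[0] == "exec-timeout" and len(words) >= 2:
                secs = int(words[2]) if len(words) > 2 else 0
                cur["timeout"] = int(words[1]) * 60 + secs  # idle timeout in seconds
            elif words[:2] == ["transport", "input"]:
                cur["transport"] = set(words[2:])
    return stanzas

def audit_vty(config):
    """Return (number of VTY lines defined, list of findings)."""
    stanzas = parse_vty(config)
    findings = []
    for s in stanzas:
        name = f"vty {s['first']}-{s['last']}"
        if s["timeout"] is None:
            findings.append(f"{name}: exec-timeout not set explicitly")
        elif s["timeout"] == 0:
            findings.append(f"{name}: exec-timeout 0 0 disables the idle timeout")
        if s["transport"] != {"ssh"}:
            findings.append(f"{name}: transport input is not ssh-only")
    total = sum(s["last"] - s["first"] + 1 for s in stanzas)
    return total, findings
```

Running `audit_vty` against the configs of routers that already accept SSH shows, before a lockout happens, whether stale sessions can hold every line open.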

tgut
Level 1

How many bits did you use to generate the crypto key rsa?

I had an issue just like that. I was using 512, then re-generated the crypto key with 1024, then everything went ok.

"The recommended minimum modulus size is 1024 bits."

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfssh.html

Regards
