Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20135
Views
0
Helpful
9
Replies

not able to ssh out from a router

jason_majie
Level 1
Level 1

‎11-29-2011 05:10 PM

Hi All:

I notices i can't not ssh out to another device from my router.

SSH in from my client (putty) works fine.

and not access-list attached to vty with out direction.

transport output all

I found this problem happened on my ASR1002 with "asr1000rp1-adventerprisek9.03.03.01.S.151-2.S1.bin" and my 2921 router with "c2900-universalk9-mz.SPA.151-4.M2.bin",  but it works fine on 7200  with "c7200-advipservicesk9-mz.151-4.M.bin". and my old router 28/18 with 12.4 ios work fine as well.

The symptom is:

BMP-2921-R01#ssh -l jason 1.1.1.1

% Connections to that host not permitted from this terminal

any idea? please help me out

thanks

Labels:
0 Helpful
9 Replies 9

cadet alain
VIP Alumni
VIP Alumni

‎11-30-2011 12:24 AM

Hi,

can you telnet this host from this device ?

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

jason_majie
Level 1
Level 1
In response to cadet alain

‎11-30-2011 01:32 AM

Telnet works fine.

The problem is on the router itself not on the remote site, even i try ssh to a dummy ip , the router desn't ever check its routing table and immediate tell me not permitted.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to jason_majie

‎11-30-2011 02:05 AM

Hi,

Can you post your sanitized config.

Have you tried debugging ?

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

jason_majie
Level 1
Level 1
In response to cadet alain

‎11-30-2011 02:09 AM

Hi:

Configuration:

ip domain name xxx.com.sg

ip ssh time-out 30

ip ssh authentication-retries 2

access-list 10 remark "SSH Access Restriction"    

access-list 10 permit 123.49.101.6

access-list 10 permit 10.168.2.213

access-list 10 permit 10.168.4.219

access-list 10 permit 10.168.4.217

line vty 0 4

session-timeout 15

access-class 10 in

exec-timeout 5 0

privilege level 15

logging synchronous

transport input telnet ssh

transport output all

line vty 5 15

no exec

transport input none

!

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to jason_majie

‎12-05-2011 01:04 PM

Jason

Can you post the output of show ip ssh from the router?

HTH

Rick

HTH

Rick
0 Helpful

langoustator
Level 1
Level 1

‎01-18-2012 05:39 AM

Hi,

Did you get this solved? I have the same symptoms.

Thanks

0 Helpful

langoustator
Level 1
Level 1
In response to langoustator

‎01-23-2012 06:56 AM

Upgraded the 2901 to 15.1(4)M3 => solved

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to langoustator

‎01-23-2012 11:20 AM

Thank you for posting back to the thread and telling us that a code upgrade fixed the problem. This is helpful to know.

HTH

Rick

HTH

Rick
0 Helpful

rtalipinani
Level 1
Level 1

‎01-30-2012 03:00 PM

I can confirm this behavior.

I could not SSH out from my Cisco 2901 running c2900-universalk9-mz.SPA.151-4.M2.bin

Upgrading to c2900-universalk9-mz.SPA.151-4.M3.bin fixed the issue.

No configuration chages were made.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents