Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Known issues with SSH on the ASA
There have been several issues with SSH failing to the ASA. Below are the most common issues we see. They are documented along with the version which contains the fix.
Version 8.2.3 and 8.3.2
There are two known bugs that you may run into. If you are running version 8.2.3, then it is recommended to upgrade to version 8.2.4 or later. If you are running 8.3.2, then you need to upgrade to 18.104.22.168 or later.
CSCti72411 ASA 8.2.3 may not accept management connections after failover
Symptom: ASA may not accept new management connections even though everything is properly configured.
Check: show asp table socket
Example of working one:
Protocol Socket Local Address Foreign Address State
TCP 00c361df 10.134.152.14:22 0.0.0.0:* LISTEN <= SSH socket is here SSL 00c36f5f 10.134.152.14:443 0.0.0.0:* LISTEN
Example of failing one: Protocol Socket Local Address Foreign Address State SSL 0022774f 10.134.152.14:443 0.0.0.0:* LISTEN <= no SSH socket
Conditions: This was first found on ASA 8.2.3 and after failover.
Workaround: Downgrade to previous version of code. (version 8.2.2 is not affected) Another possible workaround would be to remove and add again ssh/telnet/http network statements.
CSCti43763 (which also fixed CSCti72695) Management connection fail after multiple tries with SNMP connections.
Symptom: Management connections may fail after multiple tries with SNMP connections in background.
This bug can be identified by doing "show asp table socket" If you see management connection in a CLOSEWAIT state and then you do "show counters protocol npshim" and see the pending connections counter increment for every management connection attempt then you are hitting this bug.
First found in following scenario: ASDM will fail to load after multiple SNMP and HTTPS requests to the ASA.
Workaround: Currently, only reloading the ASA resolves the issue.
There is one known bug with SSH that will stop the ASA from accepting management connections even though the socket still appears to be open. This bug is fixed in version 22.214.171.124.
CSCtn75060 Unable to SSH to ASA after upgrade to version 8.4
After upgrade the ASA to 8.4(1), ssh to one or more interfaces are failing. Removing and re-adding the SSH configuration results in the following error message:
ciscoasa(config)# ssh 0 0 outside
ERROR: Unable to configure service on port 22, on interface 'outside'. This port is currently in use by another feature