Cisco Support Community
Community Member

show memory dead - many SSH proc

After being up less than three days - "show memory dead" displays 4,100 instances of entries like:

4B021528 0000000156 4B0211A0 4B0215F4 001  -------- -------- 43BA7684  SSH Process

The device is a 2811 ISR running 12.4(24)T3.  I have been troubleshooting a problem whereby outbound dialing starts to fail intermittently and a router reboot solves the issue.  Any idea what could be triggering all these SSH proc dead memory entries? Might they be related to some of the inconsistent VOIP (SIP trunk) behavior?
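To see which allocation site accounts for entries like the one quoted in the post above, a saved capture of "show memory dead" can be tallied offline. This is an added example, not part of the original thread and not a Cisco tool; it assumes the usual IOS block-line column order (Address, Bytes, Prev, Next, Ref, PrevF, NextF, Alloc PC, what), and the header plus every sample line after the first block line are constructed.

```python
import re
from collections import defaultdict

# Assumed column order of an IOS memory block line:
# Address Bytes Prev Next Ref PrevF NextF Alloc-PC what
BLOCK_RE = re.compile(
    r"^\s*([0-9A-Fa-f]{8})\s+(\d+)\s+([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\s+"
    r"(\d+)\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]{8})\s+(.+?)\s*$"
)

# The first block line is the one quoted in the thread; the header and the
# remaining lines are constructed sample data.
SAMPLE = """\
Address      Bytes     Prev     Next Ref     PrevF    NextF  Alloc PC  what
4B021528 0000000156 4B0211A0 4B0215F4 001  -------- -------- 43BA7684  SSH Process
4B0215F4 0000000156 4B021528 4B0216C0 001  -------- -------- 43BA7684  SSH Process
4B0216C0 0000000156 4B0215F4 4B02178C 001  -------- -------- 43BA7684  SSH Process
4B02178C 0000000060 4B0216C0 4B0217F8 001  -------- -------- 40E1C2A4  Example Proc
"""

def summarize_dead_memory(text):
    """Tally dead blocks per (what, Alloc PC): block count and total bytes."""
    totals = defaultdict(lambda: {"blocks": 0, "bytes": 0})
    for line in text.splitlines():
        m = BLOCK_RE.match(line)
        if m is None:
            continue  # header, prompt, blank or summary line
        size, alloc_pc, what = int(m.group(2)), m.group(8).upper(), m.group(9)
        entry = totals[(what, alloc_pc)]
        entry["blocks"] += 1
        entry["bytes"] += size
    return dict(totals)

def top_offenders(text, limit=5):
    """Return [(what, alloc_pc, blocks, bytes)] sorted by bytes, largest first."""
    rows = [(w, pc, v["blocks"], v["bytes"])
            for (w, pc), v in summarize_dead_memory(text).items()]
    return sorted(rows, key=lambda r: r[3], reverse=True)[:limit]

if __name__ == "__main__":
    for what, pc, blocks, size in top_offenders(SAMPLE):
        print(f"{what:<16} alloc_pc={pc} blocks={blocks} bytes={size}")
```

Running it over two captures taken some hours apart shows whether the block count for a single Alloc PC keeps growing between them.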


show memory dead - many SSH proc

Do you have an acl on the interface that could block ssh? It seems to me there are a bunch of half open connections that the router is trying to keep open. If you aren't blocking ssh, maybe you should...



HTH, John *** Please rate all useful posts ***
Community Member

show memory dead - many SSH proc

To secure access I am using Zone firewall and an ACL on vty 0 4.  For the latter note:

line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input ssh

sfo-c2811-1#sho access-list 23
Standard IP access list 23
    10 permit
    20 permit, wildcard bits
    30 permit, wildcard bits
    40 permit, wildcard bits (32 matches)
    50 permit, wildcard bits
    60 deny   any log

The zone firewall is very simple - permit everything out.  Deny everything in except SIP and ping.

Looking at syslog I don't see any denies for SSH - just some denied snmp.  Drop is the default class for the policy.

zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit

It's conceivable something inside is banging against it.  Perhaps I should put on a permit all ACL to see if something inside is going rogue with SSH attempts to it.  Thank you for the thoughts. 
