Solved

ssh issues to router

Posted on 2015-01-28
Last Modified: 2015-01-28
I will get a chance to get into the router via console. The router is in another state. For some reason, I am getting "connection refused" errors when trying to SSH in. It works just fine after a reboot, but after a few times or a few hours it will fail again with the above error. It happens daily. The only way to get back in is if I reboot the router.

The VTY lines look normal:
line vty 0 4
 session-timeout 40
 exec-timeout 40
 password 7 xxxxxxxxxxxx
 transport input ssh

I also have this:
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service password-recovery

Anything I should be checking for when I get into the console?
- I will check if the certificate is present
- If there are hung sessions

Anything else I could check to verify? There are no ACLs on the vty lines as you can see, not sure what else to look for.

Thank you
Question by:Shark Attack

Author Comment

by:Shark Attack
Well, I did find out there is an ACL on the vty lines. I am not sure why it didn't show up in my previous show run. Must have been coming back after reboots.

So I tried to take the ACL off the vty's and it gives me the below error

config-line)#no access-class sl_def_acl in
%WARNING: The access list currently in force is the Quiet Mode access
list. The specified access list takes effect only after switching back
to normal mode operation.

How do I turn off the quiet mode? Or fix the above so I can get back in?

I tried:
no login quiet-mode - that didn't help

Any help?

Author Comment

by:Shark Attack
Also got this on "show login":


     Router presently in Quiet-Mode.
     Will remain in Quiet-Mode for 6385 seconds.
     Denying logins from all sources.

Accepted Solution

by: Jan Springer, earned 500 total points
sh run | i quiet

It sounds like quiet mode is turned on.

First try updating the access-list and reapply it to the vty. Then optionally modify the quiet mode configuration to something lower.

That is, after your 6385 seconds have elapsed.

Author Comment

by:Shark Attack
That's my ACL:
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log (2454 matches)
    40 permit tcp any any eq 22 log

This is the log message:
Jan 28 16:05:56.528: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 10.153.0.223(54163) -> 0.0.0.0(22), 2 packet

So I can't do anything until that time elapses? Even via console mode?

Expert Comment

by:Jan Springer
You should be able to get in via console. I believe quiet mode is only applied to the vty interfaces.

Author Comment

by:Shark Attack
What is the command to lower that number down?

Expert Comment

by:Jan Springer
It should be the login block-for command. Do a "sh run | i block" (no quotes and leave a space before and after the pipe).

Author Comment

by:Shark Attack
Alright, I modified it. Will see what happens. Thanks.
0
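Added example, not part of the thread and not code from any participant or from Cisco: a Python sketch that reads the three artifacts quoted in the thread ("show login", the sl_def_acl listing and the %SEC-6-IPACCESSLOGP log line) and reports how long quiet mode lasts, which ACL entry decides SSH, and which sources are being denied. Function names are hypothetical, and two of the three log lines are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: outputs quoted in the thread. The second and third log
# lines are constructed for illustration and do not appear in the thread.
SHOW_LOGIN = """Router presently in Quiet-Mode.
Will remain in Quiet-Mode for 6385 seconds.
Denying logins from all sources."""

SHOW_ACL = """Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log (2454 matches)
    40 permit tcp any any eq 22 log"""

LOGS = """Jan 28 16:05:56.528: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 10.153.0.223(54163) -> 0.0.0.0(22), 2 packet
Jan 28 16:06:10.101: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 10.153.0.223(54170) -> 0.0.0.0(22), 1 packet
Jan 28 16:07:02.340: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 10.153.0.50(40112) -> 0.0.0.0(22), 1 packet"""

PORTS = {"telnet": 23, "www": 80}  # named ports used in the ACL above

def quiet_seconds(show_login):
    """Seconds of quiet mode left, or 0 if the router is not in quiet mode."""
    m = re.search(r"remain in Quiet-Mode for (\d+) seconds", show_login)
    return int(m.group(1)) if m else 0

def parse_aces(show_acl):
    """Return [(seq, action, dst_port, matches)] for 'tcp any any eq X' entries."""
    pat = re.compile(r"^\s*(\d+) (permit|deny) tcp any any eq (\S+)(?: log)?(?: \((\d+) match(?:es)?\))?", re.M)
    return [(int(s), a, PORTS.get(p) or int(p), int(n or 0))
            for s, a, p, n in pat.findall(show_acl)]

def first_match(aces, port):
    """ACLs are first-match: the lowest sequence number for the port decides."""
    return next((a for a in sorted(aces) if a[2] == port), None)

def denied_sources(logs, acl, port):
    """Sum denied packets per source IP for one ACL and destination port."""
    pat = re.compile(rf"list {re.escape(acl)} denied tcp (\S+?)\(\d+\) -> \S+\({port}\), (\d+) packet")
    hits = Counter()
    for src, n in pat.findall(logs):
        hits[src] += int(n)
    return hits

if __name__ == "__main__":
    print("quiet mode seconds left:", quiet_seconds(SHOW_LOGIN))
    print("ACE deciding SSH:", first_match(parse_aces(SHOW_ACL), 22))
    print("denied SSH sources:", denied_sources(LOGS, "sl_def_acl", 22).most_common())
```

On the thread's data, entry 30 decides every SSH connection, so the permit at entry 40 is never reached while this list is in force.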
