Solved

ssh issues to router

Posted on 2015-01-28
8
966 Views
Last Modified: 2015-01-28
I will get a chance to get into the router via console. The router is at another state. For some reason, I am getting "connection refused" errors when trying to ssh in. It works just fine after a reboot, but after few times or few hours it will fail again with the above error. It happens daily. The only way to get back in is if I reboot the router.

The VTY lines look normal
line vty 0 4                  
 session-timeout 40                  
 exec-timeout 40            
 password 7 xxxxxxxxxxxx
 transport input ssh                  

I also have this:
service tcp-keepalives-in                        
service tcp-keepalives-out                        
service timestamps debug datetime msec                        
service timestamps log datetime msec                        
service password-encryption                        
no service password-recovery                        

Anything I should be checking for when I get into the console?
- I will check if the certificate is present
- If there are hung sessions

Anything else I could check to verify? There is no acl's on the vty lines as you can see, not sure what else to look for.

thank you
0
Comment
Question by:Shark Attack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575481
well i did find out there is an ACL on the vty lines. I am not sure why it didnt show up in my previous show run. Must have been coming back after reboots.

So I tried to take the ACL off the vty's and it gives me the below error

config-line)#no access-class sl_def_acl in
%WARNING: The access list currently in force is the Quiet Mode access
list. The specified access list takes effect only after switching back
to normal mode operation.

How do I turn off the quite mode? or fix the above so I can get back in?

I tried:
no login quiet-mode - that didnt help

Any help?
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575486
also got this on "show login"


     Router presently in Quiet-Mode.
     Will remain in Quiet-Mode for 6385 seconds.
     Denying logins from all sources.
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40575682
sh run | i quiet

it sounds like quiet mode is turned on.

first try updating the access-list and reapply it to the vty.  then optionally modify the quiet mode configuration to something lower.

that is, after your 6385 seconds have elapsed.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 3

Author Comment

by:Shark Attack
ID: 40575701
thats my acl
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log (2454 matches)
    40 permit tcp any any eq 22 log

this is the log message
Jan 28 16:05:56.528: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 10.153.0.223(54163) -> 0.0.0.0(22), 2 packet

So i can't do anything until that time elapses? Even via console mode?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 40575707
you should be able to get in via console.  I believe quiet mode is only applied to the vty interfaces.
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575727
what is the command to lower that number down ?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 40575734
it should be the login block-for command.  Do a "sh run | i block" (no quotes and leave a space before and after the pipe).
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575745
alright I modified it. will see what happens. Thanks.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month10 days, 10 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question