Saturday, September 6, 2025

Disconnect SSH Session in Cisco ASA

The Cisco ASA firewall supports up to 5 concurrent SSH login or users. I've received a report that some users couldn't login to the ASA and encountered a connection refused error. 

svr01 ~]$ ssh 192.168.1.254

ssh: connect to host 192.168.1.254 port 22: Connection refused

 

You can use the show ssh session command to view SSH users. Notice there's no available SSH session left.

ciscoasa# show ssh session

 

SID Client IP       Version Mode Encryption Hmac     State            Username

0   svr02        2.0     IN   aes128-ctr sha1     SessionStarted   admin1

                            OUT  aes128-ctr sha1     SessionStarted   admin1

1   svr01 1.99    IN   aes128-ctr sha1     SessionStarted   admin2

                            OUT  aes128-ctr sha1     SessionStarted   admin2

2   svr01 1.99    IN   aes128-ctr sha1     SessionStarted   admin3

                            OUT  aes128-ctr sha1     SessionStarted   admin3

3   svr01 1.99    IN   aes128-ctr sha1     SessionStarted   admin4

                            OUT  aes128-ctr sha1     SessionStarted   admin4

4   svr01 1.99    IN   aes128-ctr sha1     SessionStarted   admin5

                            OUT  aes128-ctr sha1     SessionStarted   admin5 

 

You can manually disconnect an SSH user using ssh disconnect <SESSION ID> privilege command. I was using SID 0 (admin1) so I can't disconnect my own SSH session.


ciscoasa# ssh ?

  disconnect  Specify SSH session id to be disconnected after this keyword

ciscoasa# ssh disconnect ?

  <0-2147483647>  SSH session id to be disconnected

ciscoasa# ssh disconnect 1

ciscoasa# ssh disconnect 2

ciscoasa# ssh disconnect 3

ciscoasa# ssh disconnect 4


ciscoasa# show ssh session    

SID Client IP       Version Mode Encryption Hmac     State            Username
0   svr02        2.0     IN   aes128-ctr sha1     SessionStarted   admin1
                            OUT  aes128-ctr sha1     SessionStarted   admin1

<BLANK>

 

No comments:

Post a Comment