The Cisco ASA firewall supports up to 5 concurrent SSH login or users. I've received a report that some users couldn't login to the ASA and encountered a connection refused error.
svr01 ~]$ ssh 192.168.1.254
ssh: connect to host 192.168.1.254 port 22: Connection refused
You can use the show ssh session command to view SSH users. Notice there's no available SSH session left.
ciscoasa# show ssh session
SID Client IP Version Mode Encryption Hmac State Username
0 svr02 2.0 IN aes128-ctr sha1 SessionStarted admin1
OUT aes128-ctr sha1 SessionStarted admin1
1 svr01 1.99 IN aes128-ctr sha1 SessionStarted admin2
OUT aes128-ctr sha1 SessionStarted admin2
2 svr01 1.99 IN aes128-ctr sha1 SessionStarted admin3
OUT aes128-ctr sha1 SessionStarted admin3
3 svr01 1.99 IN aes128-ctr sha1 SessionStarted admin4
OUT aes128-ctr sha1 SessionStarted admin4
4 svr01 1.99 IN aes128-ctr sha1 SessionStarted admin5
OUT aes128-ctr sha1 SessionStarted admin5
You can manually disconnect an SSH user using ssh disconnect <SESSION ID> privilege command. I was using SID 0 (admin1) so I can't disconnect my own SSH session.
ciscoasa# ssh ?
disconnect Specify SSH session id to be disconnected after this keyword
ciscoasa# ssh disconnect ?
<0-2147483647> SSH session id to be disconnected
ciscoasa# ssh disconnect 1
ciscoasa# ssh disconnect 2
ciscoasa# ssh disconnect 3
ciscoasa# ssh disconnect 4
ciscoasa# show ssh session
SID Client IP Version Mode Encryption Hmac State Username
0 svr02 2.0 IN aes128-ctr sha1 SessionStarted admin1
OUT aes128-ctr sha1 SessionStarted admin1
<BLANK>
No comments:
Post a Comment