lost ssh access to pix 506e

I had a working ssh connection to my pix 506e until I changed the internal ip address. Of course the session would drop because I changed from 192.168.1.3 to 192.168.1.1. I have done this before and reconnected to the new internal address with no problem.

This time, though, it did not work; ssh_exchange_identification: Connection closed by remote host

I rebooted the pix to restore the previous configuration and it does respond to pings at 192.168.1.3, but the ssh still does not work.

ssh -v -l pix 192.168.1.3

OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
debug1: Connection established.
debug1: identity file /home/john/.ssh/identity type -1
debug1: identity file /home/john/.ssh/id_rsa type -1
debug1: identity file /home/john/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

Any ideas?

The only other changes made recently were to the hostname and domain-name of the pix. It still worked afterwards, though.

John Schleigh

Try regenerating the RSA key:

ca zeroize rsa
ca generate rsa key 1024
ca save all

Jyri Korhonen

Hi John,

another solution can be:

You have an existing ssh key for the host 192.168.1.3 in your known_hosts table.

Erase the entry for the new ip address in /home/john/.ssh/known_hosts, then reconnect to the pix.

Greetings Gerd

Gerd EMail

Already tried that. No luck, but thanks.

John Schleigh

Please write down your ssh_config (client).

Greetings Gerd.

Gerd EMail

/etc/ssh/ssh_config
Host *
ForwardX11Trusted yes

John Schleigh

:> another solution can be:

:> Erase the entry for the new ip address in /home/john/.ssh/known_hosts,
:> then reconnect to the pix.

:Already tried that. No luck, but thanks.

You need to follow Jyri's suggestion to regenerate the ssh key. The ssh key is dependent on the hostname and domain name, so when you changed those, you invalidated the stored keys.

Walter Roberson
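
Added example, not part of the thread: the debug output in the first post shows the TCP connection being established and the remote end closing it before any identification string arrives, a stage that comes before known_hosts is ever consulted. This Python probe (the function name and state labels are this example's own) separates that case from an unreachable port, a silent peer, or a received banner, so the result can be compared before and after regenerating the key.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Report how far a server gets before SSH key exchange would start.

    Returns (state, detail); state is one of:
      unreachable  - TCP connect failed (refused, timed out, no route)
      closed_early - TCP connected, peer closed without sending anything
                     (the client's "ssh_exchange_identification:
                     Connection closed by remote host")
      silent       - TCP connected, nothing received within the timeout
      not_ssh      - first line received is not an SSH identification
      banner       - first line is "SSH-..."; detail holds that line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    data = b""
    with sock:
        try:
            # An identification string is at most 255 bytes including CR LF.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:        # orderly close (FIN) from the peer
                    break
                data += chunk
        except socket.timeout:
            if not data:
                return ("silent", "")
        except OSError:              # a reset (RST) is also a close
            pass
    if not data:
        return ("closed_early", "")
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner", line) if line.startswith("SSH-") else ("not_ssh", line)


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target = sys.argv[1]
    tcp_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh_banner(target, tcp_port))
```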
