Technical Note: Cisco ASA locks out SSH sessions
Description
An SSH session to perform user table evaluation is created for each new VPN session. Customers have reported periodic SSH lockouts on the ASA when the ASA's Allowed Access List for SSH configured to be open (0.0.0.0).
Scope
Version: 8.x
Solution
An SSH session to perform user table evaluation is created for each new VPN session. Customers have reported periodic SSH lockouts on the ASA when the ASA's Allowed Access List for SSH configured to be open (0.0.0.0).
Scope
Version: 8.x
Solution
Configure the SSH Allowed Access List to only include those subnets requiring access, including the appliance's eth0 subnet.
ID 4171753
Related Articles
Technical Note: Restarting services can generate large number of SSH sessions with ASA