XSR Crashes on SSH2 Listener Task

  • XSR crashes frequently
  • Fault Report contains Crashed Task = SSH2_LISTENER
The router is listening for SSH; this is the default setting on all ports.
Most often the cause is a DoS attack: the router is hit with a large number of SSH packets in a short time.
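Before choosing one of the options below, it helps to confirm that the crash coincides with an SSH flood and to see which sources are sending it. The following is an added example, not part of this article or of the XSR product: it counts TCP connection attempts to port 22 per source address inside a sliding time window, over constructed syslog-style lines whose format is an assumption rather than the XSR's own log or Fault Report format.

```python
"""Sliding-window count of SSH connection attempts per source address.
Added example, not from the XSR article; the log format is a constructed
generic "timestamp proto src:port -> dst:port" record, not the XSR's own."""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(r"^(\S+) (tcp|udp) (\S+):(\d+) -> (\S+):(\d+)$")

# Constructed sample: one flooding source, one normal admin source, one slow
# source, plus a UDP line and a non-SSH line that must be ignored.
SAMPLE_LOG = """\
2024-01-10T09:00:00 tcp 198.51.100.7:40001 -> 203.0.113.1:22
2024-01-10T09:00:00 tcp 198.51.100.7:40002 -> 203.0.113.1:22
2024-01-10T09:00:01 tcp 198.51.100.7:40003 -> 203.0.113.1:22
2024-01-10T09:00:01 tcp 198.51.100.7:40004 -> 203.0.113.1:22
2024-01-10T09:00:02 tcp 198.51.100.7:40005 -> 203.0.113.1:22
2024-01-10T09:00:02 tcp 198.51.100.7:40006 -> 203.0.113.1:22
2024-01-10T09:00:03 tcp 198.51.100.7:40007 -> 203.0.113.1:22
2024-01-10T09:00:04 udp 198.51.100.7:40008 -> 203.0.113.1:22
2024-01-10T09:00:05 tcp 192.0.2.10:51000 -> 203.0.113.1:22
2024-01-10T09:00:06 tcp 192.0.2.10:51001 -> 203.0.113.1:80
2024-01-10T09:00:10 tcp 198.51.100.9:33000 -> 203.0.113.1:22
2024-01-10T09:00:25 tcp 198.51.100.9:33001 -> 203.0.113.1:22
2024-01-10T09:00:40 tcp 198.51.100.9:33002 -> 203.0.113.1:22
2024-01-10T09:00:40 tcp 192.0.2.10:51002 -> 203.0.113.1:22
"""


def ssh_flood_sources(log_text, window_seconds=10, threshold=5):
    """Return {src_ip: peak attempts} for sources exceeding `threshold`
    TCP/22 attempts inside any `window_seconds` span. Lines are assumed to be
    in time order; UDP and non-22 lines are skipped (SSH runs over TCP)."""
    recent = defaultdict(deque)  # src -> attempt times inside current window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, proto, src, _sport, _dst, dport = m.groups()
        if proto != "tcp" or dport != "22":
            continue
        ts = datetime.fromisoformat(stamp)
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop attempts older than the window
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks
```

On the sample above only 198.51.100.7 is reported (7 attempts in 3 seconds); the admin source and the slow source stay under the threshold, which is the distinction that tells you whether a blanket ACL or a narrower one is warranted.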
Configuration choices are:
1.  Disable SSH globally from config mode. This may remove the ability to manage the router, since SSH is generally the preferred method of access to the CLI.
ip ssh server disable
2.  Use an ACL to block SSH on the interface that is receiving the attack:
access-list 100 deny tcp any gt 1023 host (address of interface being attacked) eq 22
access-list 100 deny udp any gt 1023 host (address of interface being attacked) eq 22
access-list 100 permit ip any any

Apply this inbound on the attacked interface, typically the public-facing interface:
interface f2
ip access-group 100 in

3.  Configure the firewall to restrict where SSH connections may be made from:
ip firewall network Internet mask external
ip firewall network PUBLIC mask internal

ip firewall policy Block_SSH Internet PUBLIC SSH reject


Additional notes
The examples above are generic and do not necessarily represent how they should be implemented for any given router or network configuration. Please contact the GTAC for detailed assistance.