Intermittent Connection to Cisco

The first time I connect to a Catalyst 6500 running version 12.2(17r)SX6, it cannot connect. Then I just let the shell continue the retries, and sometimes it goes through. Most of the time it doesn't.

Here's my SSH on Cisco:

NFS-1#sh ip ssh 
SSH Enabled - version 2.0
Authentication timeout: 15 secs; Authentication retries: 5

Here's my SSH client on Mac OS X Sierra:

#       $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
   Ciphers aes256-cbc,3des-cbc,aes256-ctr,aes128-ctr,aes128-cbc
   MACs hmac-sha1,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd$
   KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sh$
   HostKeyAlgorithms ssh-rsa,ssh-dss
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

All four of our Catalyst 6500s have the same behavior. Can anyone point me to some resolution?

TIA.
Jon

Did you try to connect to the Cisco device by using the ssh command line (ssh jpt@172.23.0.1)? Does the ssh command line work flawlessly?

And, could you please take a look at this article “Why does SSH take so long to connect?” and make sure your Cisco device won’t do reverse DNS lookup or GSSAPI authentication?

Hi Yang,

Command line works flawlessly and quickly.

Tried disabling reverse DNS lookup in the Cisco switch. Still NO go.

Jon, I’m really sorry for the problem.

I’m currently working on the next SSH Shell update, but still need a month or two to make it ready.

I’d like to send you a Debug release to identify the problem once the next update is prepared for testing.

Thank you again!

Hi Yang,
Kind of disappointed right now, but will have to do with using the command line for now.

Will wait for the new release.

Thanks,
Jon