Roger Perkin

The Remote System Refused the Connection – Cisco Router SSH

When trying to SSH to a Cisco Router or Switch you get this error

The remote system refused the connection

This can be caused by a number of reasons

  • The transport setting on the vty lines is not permitting SSH
  • You do not have SSH enabled
  • An Access-List is blocking SSH traffic

Let's look at each scenario and enable the appropriate setting.

For this tutorial I am using a Cisco CSR1000V as a test router running on my esxi server. This is a new install with no configuration.

First check the VTY lines with a simple show run and scroll to the bottom

line vty 0
 login
 transport input none
line vty 1
 login
 length 0
 transport input none
line vty 2 4
 login
 transport input none

Here you can see that for all VTY lines the transport input has been set to none – This means no connectivity!

Let's fix that with one command

conf t
line vty 0 4
transport input ssh

Now do a show run again and you will see transport input ssh on all lines

line vty 0
 login
 transport input ssh
line vty 1
 login
 length 0
 transport input ssh
line vty 2 4
 login
 transport input ssh

If we try to SSH to the router now it still fails

The remote system refused the connection.

So let's move to step 2 – enable SSH

If you run this command

sh run | inc ssh

It will show you what SSH configuration is set up

In this case none

R1# sh run | inc ssh
R1#

So let's generate some SSH keys

conf t
crypto key generate rsa usage-keys modulus 2048 


% Please define a domain-name first.
R1(config)#

This fails because we have not specified a domain name

conf t
ip domain-name rogerperkin.co.uk

Now run the crypto command again and you will see SSH is enabled.

R1(config)#crypto key generate rsa usage-keys modulus 2048 
The name for the keys will be: R1.rogerperkin.co.uk

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

R1(config)#
*Dec 8 13:50:23.468: %SSH-5-ENABLED: SSH 1.99 has been enabled

Let's try to SSH to our router again

Bingo!

We now have SSH access to our device

The final reason is an access list on the vty lines. You can check for this at the first stage, when you look at the vty lines in the show run output, to see if an access list is blocking access.
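
As an added example (not part of the original post), this Python script checks a saved running-config for the causes covered above: the vty transport setting, the missing domain name that stops key generation, and an access list on the vty lines. The sample config is constructed, and the access-class line with ACL 10 is a hypothetical addition.

```python
import re

# Constructed sample config modelled on the fresh router above; the access-class
# line and ACL number 10 are hypothetical additions for the third cause.
SAMPLE_CONFIG = """\
hostname R1
line vty 0
 login
 transport input none
line vty 1
 login
 transport input ssh
line vty 2 4
 access-class 10 in
 login
 transport input ssh
"""

def audit_ssh_config(config):
    """Return findings for the causes of a refused SSH connection."""
    findings = []
    # Key generation fails without a domain name (cause 2 prerequisite).
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name: define one before generating RSA keys")
    vty = None  # vty block currently being read, e.g. "vty 2 4"
    transport = {}
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the block
            m = re.match(r"line (vty \d+(?: \d+)?)$", line)
            vty = m.group(1) if m else None
            if vty:
                transport[vty] = None
        elif vty and line.split():
            words = line.split()
            if words[:2] == ["transport", "input"]:
                transport[vty] = words[2:]
            elif words[0] == "access-class":
                # Cause 3: an ACL on the line can block the client address.
                findings.append(f"{vty}: access-class {' '.join(words[1:])} applied")
    for name, protos in transport.items():
        # Cause 1: the line must accept ssh ("all" includes it).
        if protos is None:
            findings.append(f"{name}: transport input not set explicitly")
        elif not {"ssh", "all"} & set(protos):
            findings.append(f"{name}: transport input {' '.join(protos)} blocks SSH")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE_CONFIG)))
```

The RSA keys themselves do not appear in the running-config, so this only covers what show run can tell you.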

I hope this helps!

Roger

Copyright © 2021 · Roger Perkin · All Rights Reserved · Powered by Mai Theme