Network Automation Engineer: Roger Perkin CCIE 50038

CCIE, Wireless, F5, Ansible, AWS, Cloud and data centre to Network Automation - my journey as a network engineer

The Remote System Refused the Connection – Cisco Router SSH

When trying to SSH to a Cisco Router or Switch you get this error

The remote system refused the connection

This can be caused by a number of reasons

  • The transport setting on the vty lines is not permitting SSH
  • You do not have SSH enabled
  • An Access-List is blocking SSH traffic

Lets look at each scenario and enable the appropiate setting 

For this tutorial I am using a Cisco CSR1000V as a test router running on my esxi server. This is a new install with no configuration.

First check the VTY lines with a simple show run and scroll to the bottom

line vty 0
 login
 transport input none
line vty 1
 login
 length 0
 transport input none
line vty 2 4
 login
 transport input none

Here you can see that for all VTY lines the transport input has been set to none – This means no connectivity!

Let fix that with one command

conf t
line vty 0 4
transport input ssh

Now do a show run again and you will see transport input ssh on all lines

line vty 0
 login
 transport input ssh
line vty 1
 login
 length 0
 transport input ssh
line vty 2 4
 login
 transport input ssh

If we try to SSH to the router now it still fails

The remote system refused the connection.

So lets move to step 2 – enable SSH

If you run this command

sh run | inc ssh

It will show you what SSH is setup

In this case none

R1# sh run | inc ssh
R1#

So lets generate some SSH keys

conf t
crypto key generate rsa usage-keys modulus 2048 


% Please define a domain-name first.
R1(config)#

This will fail as we have not specified a DNS name

conf t
ip domain-name rogerperkin.co.uk

Now run the crytpo command again and you will see SSH is enabled.

R1(config)#crypto key generate rsa usage-keys modulus 2048 
The name for the keys will be: R1.rogerperkin.co.uk

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

R1(config)#
*Dec 8 13:50:23.468: %SSH-5-ENABLED: SSH 1.99 has been enabled

Lets try and SSH to our router again

the remote system refused the connection cisco ssh tutorial

Bingo!

We now have SSH access to our device

The final reason is an access list on vty lines – this can be checked at the first stage to see if there is any security blocking access.

I hope this helps!

Roger

Want to learn more about Network Automation?

Network Automation skills are becoming a must for network engineers of the future. Get started and learn the skills you need with my free resources!

Free Network Automation Training

The Author

roger perkin ccie network automation engineer
Roger Perkin, (CCIE #50038) is a Senior Network & Security Consultant. Currently working as a Network Automation Engineer for a Cisco Gold Partner
Roger is an evangelist for Network Automation and is continuing to develop skills in Ansible and the Devops culture.

Contact Roger

CCIE

 My CCIE Journey
My CCIE Study Plan
Cisco Continuing Education Program

ROUTING PROTOCOLS

BGP
OSPF

Ansible

Where are Ansible Modules stored
Ansible IOS Command Example
Ansile Backup Cisco Config
How to Install Ansible Tower

Python

Best way to learn Python
Nornir Tutorial
Start using Python for Netowrking

Home Office

Best Vertical Mouse
My Standing Desk
Folding Laptop Stand - Roost
How to clean computer screen and keyboard

Personal Development

How to Focus

Most Visited Pages

Software Upgrade Guides
Wireless Console Cable
Network Automation Tools 
Bose Connect Windows 10
Private VLANs explained
Cisco ISE Overview