How to Show and Clear User Sessions on a Cisco ASA

Sometimes you need to disconnect someone's SSH session to a Cisco ASA. This may be needed because users haven't logged out properly and have taken up all the sessions allowed.

Check Usage Limits
You can check usage limits by seeing how many sessions the ASA thinks are connected.

FWL1# show resource usage resource ssh
Resource      Current  Peak  Limit  Denied  Context
SSH Server          5     5      5     109  System

In this case the ASA can only connect 5 users (the Limit column), and it thinks there are 5 sessions open (the Current column), so it cannot accept any more.

There's a known bug that prevents the ASA from properly releasing sessions: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsm68097

Show current SSH sessions
To display all connected SSH sessions, run this command:

FWL1# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State          Username
1   192.168.100.62  2.0     IN   aes256-ctr sha2-256 SessionStarted cfb-admin
                            OUT  aes256-ctr sha2-256 SessionStarted cfb-admin
5   192.168.100.60  2.0     IN   aes128-ctr sha2-256 SessionStarted cfb-admin
                            OUT  aes128-ctr sha2-256 SessionStarted cfb-admin

Disconnect user
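If you want to disconnect a user such as henry, find the SID of that user's session in the show ssh sessions output and pass it to the ssh disconnect command. For a session with SID 3: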

FWL1# ssh disconnect 3
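
The three steps above can be scripted against captured CLI output. The following is an added example, not part of the original article: the sample text is constructed from the listings shown above, and the function names are hypothetical. It assumes the column layout shown on this page.

```python
import re

# Constructed sample output, modelled on the listings in this article.
RESOURCE_OUTPUT = """\
Resource      Current  Peak  Limit  Denied  Context
SSH Server          5     5      5     109  System
"""
SESSIONS_OUTPUT = """\
SID Client IP       Version Mode Encryption Hmac     State          Username
1   192.168.100.62  2.0     IN   aes256-ctr sha2-256 SessionStarted cfb-admin
                            OUT  aes256-ctr sha2-256 SessionStarted cfb-admin
5   192.168.100.60  2.0     IN   aes128-ctr sha2-256 SessionStarted cfb-admin
                            OUT  aes128-ctr sha2-256 SessionStarted cfb-admin
"""

def parse_ssh_usage(text):
    """Parse the SSH row of 'show resource usage resource ssh' into counters."""
    for line in text.splitlines():
        m = re.match(r"\s*SSH(?: Server)?\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", line)
        if m:
            return dict(zip(("current", "peak", "limit", "denied"), map(int, m.groups())))
    raise ValueError("no SSH row found in resource usage output")

def parse_sessions(text):
    """Return one dict per SID; OUT continuation lines carry no SID and are skipped."""
    sessions = []
    for line in text.splitlines():
        f = line.split()
        # A session row starts with a numeric SID; the username may be absent.
        if len(f) >= 7 and f[0].isdigit():
            sessions.append({"sid": int(f[0]), "client": f[1], "state": f[6],
                             "user": f[7] if len(f) > 7 else None})
    return sessions

def disconnect_commands(sessions, user=None, client=None):
    """Build 'ssh disconnect <SID>' lines for sessions matching user and/or client IP."""
    if user is None and client is None:
        raise ValueError("refusing to select every session; give a user or client IP")
    return [f"ssh disconnect {s['sid']}" for s in sessions
            if (user is None or s["user"] == user)
            and (client is None or s["client"] == client)]

if __name__ == "__main__":
    usage = parse_ssh_usage(RESOURCE_OUTPUT)
    sessions = parse_sessions(SESSIONS_OUTPUT)
    if usage["current"] >= usage["limit"]:
        print(f"SSH limit reached ({usage['current']}/{usage['limit']}, {usage['denied']} denied)")
    for s in sessions: print(s["sid"], s["client"], s["user"])
    print("\n".join(disconnect_commands(sessions, client="192.168.100.60")))
```

The commands are only printed, so the list can be checked against the session table before anything is pasted into the ASA.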
