As of 30 minutes ago, my router is not accepting SSH connections. Well, the ports are open (according to nmap), but ssh simply hangs on reading from the Cisco socket (observation from strace):
/home/rafal/.ssh/id_dsa-cert type -1
) = 60
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
_llseek(4, 0, [0], SEEK_CUR) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=2871, ...}) = 0
mmap2(NULL, 2871, PROT_READ, MAP_SHARED, 4, 0) = 0xb78cb000
_llseek(4, 2871, [2871], SEEK_SET) = 0
munmap(0xb78cb000, 2871) = 0
close(4) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
_llseek(4, 0, [0], SEEK_CUR) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=2871, ...}) = 0
mmap2(NULL, 2871, PROT_READ, MAP_SHARED, 4, 0) = 0xb78cb000
_llseek(4, 2871, [2871], SEEK_SET) = 0
munmap(0xb78cb000, 2871) = 0
close(4) = 0
rt_sigaction(SIGPIPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, NULL, 8) = 0
read(3,
Where 3 is the file descriptor of the connection with the router (ESTABLISHED state, according to netstat).
tcp 0 0 192.168.80.50:38954 192.168.81.1:22 ESTABLISHED 24839/ssh
One hour ago I was still able to connect. Now there is no more access through the console port - what should I do?
So no SSH access, and no console access? I'm assuming telnet is not available?
Do you have access via SNMP (read/write community)? You could enable telnet via SNMP commands and see if that gets you into the box?
You can use SNMP to execute other commands - but ultimately it sounds like you've hit something that is going to require a reload of the router. Either issue reload via SNMP access, or power cycle the box physically.
Edit: Other thoughts - if you get access to the box via Telnet or SNMP, you can "crypto key generate RSA" to re-generate your crypto keys. This may recycle the SSHD process on the router. Whatever you do, make sure you get a copy of the running-config before you reboot, or at least issue a copy run start to save any changes that were made to the box.
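The symptom in the question (TCP connection ESTABLISHED, client blocked in `read(3,` waiting for data) can be checked without a full SSH client, both before and after a key regeneration or reload. This is an added example, not part of the original thread; the function name `probe_ssh_banner` and the state labels are assumptions made for illustration.

```python
import socket

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Classify an SSH endpoint by whether it sends its identification string.

    Returns (state, detail) where state is one of:
      "ok"          - a line starting with "SSH-" was received
      "hung"        - TCP handshake completed but nothing arrived in time
                      (the situation shown by the strace in the question)
      "closed"      - connection refused
      "unreachable" - connect timed out or failed for another reason
      "not-ssh"     - peer sent data or closed without an SSH identification
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", "connection refused")
    except OSError as exc:  # includes connect timeouts and routing errors
        return ("unreachable", str(exc))

    buf = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # A server may send other lines before its "SSH-" line,
            # so scan every complete line received so far.
            while len(buf) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break  # peer closed the connection
                buf += chunk
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return ("ok", line.rstrip(b"\r").decode("ascii", "replace"))
        except socket.timeout:
            return ("hung", "TCP established, no SSH identification within %.1fs" % timeout)
        except OSError as exc:
            return ("not-ssh", str(exc))
    return ("not-ssh", buf[:80].decode("ascii", "replace"))

if __name__ == "__main__":
    # Router address taken from the netstat line in the question.
    print(probe_ssh_banner("192.168.81.1", 22, timeout=5.0))
```

A result of `hung` matches what nmap and netstat showed in the question: the port accepts connections, but the SSH service behind it never speaks.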