SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Cannot ssh to srx 240H2; port 22 is Listening but not process

    Posted 06-27-2016 17:59

    Strange issue with SRX 240H2

    Cannot ssh to the box; worked last week. I can see there is no process but port 22 is listening:

    netstat -Aa | grep 22

    c39523f8 tcp6       0      0  *.22               *.*                LISTEN

    c39525f4 tcp4       0      0  *.22               *.*                LISTEN

    ...

    fstat | grep c39525f4

    root     inetd       1432    7* internet stream tcp c39525f4

    ps alwx | grep -v grep | grep 1432

        0  1432     1   0  76  0  6060  1948 select S     ??    0:05.45 /usr/sbin/inetd -N -w

     

    INETD process, but no SSHD process (which I believe there should be).

     

    When I try to launch SSHD manually, I see this in /var/log/messages

    sshd[26031]: fatal: Cannot bind any address.

    When I console into the box and try to ssh OUT to another box, I get:

    ssh root@xxxx
    socket: No buffer space available

     

    Any ideas? I've HUP'd inetd but no difference. 

     

     



  • 2.  RE: Cannot ssh to srx 240H2; port 22 is Listening but not process

     
    Posted 06-27-2016 18:21
    Can you share the output below?

    root@SRX> show system virtual-memory | match tcp


  • 3.  RE: Cannot ssh to srx 240H2; port 22 is Listening but not process

    Posted 06-27-2016 18:30

    show system virtual-memory | match tcp
    tcp_inpcb: 264, 20640, 20640, 0, 13882860
    tcpcb: 508, 20640, 46, 42, 13882860
    tcptw: 60, 4158, 0, 4158, 1073284
    tcpreass: 20, 1352, 0, 169, 102841
    tcp_inpcb: 264, 20640, 7331, 19, 3505894
    tcpcb: 508, 20640, 18, 54, 3505894
    tcptw: 60, 4158, 0, 126, 94001
    tcpreass: 20, 1352, 0, 169, 17858

     

    Seems high, but I'm not sure what it should be set to.



  • 4.  RE: Cannot ssh to srx 240H2; port 22 is Listening but not process
    Best Answer

     
    Posted 06-27-2016 18:56
    If you check the "tcp_inpcb", the free resource is zero and that's the reason TCP connections are not working. As a workaround you may reboot. We also see resources are free on the other node, so SSH to that node should work (for managing the device until this issue is fixed).

    ITEM SIZE LIMIT USED FREE REQUESTS
    tcp_inpcb: 264, 20640, 20640, 0, 13882860

    This issue is tracked under PR934768 and the fix is available on 12.1X44-D45, 12.1X46-D30, 12.1X47-D15 or later versions. You may upgrade to any of these versions for a permanent fix.

    https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR934768
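
The check the best answer makes by eye, written as an added example that is not part of the original thread or Juniper's tooling: it parses `show system virtual-memory | match tcp` output using the ITEM, SIZE, LIMIT, USED, FREE, REQUESTS column order quoted in the answer and flags zones with no free entries. The function names and the 90% warning threshold are assumptions chosen for illustration.

```python
import re
from collections import namedtuple

# Output posted in the thread above (two blocks, one per node).
SAMPLE = """\
tcp_inpcb: 264, 20640, 20640, 0, 13882860
tcpcb: 508, 20640, 46, 42, 13882860
tcptw: 60, 4158, 0, 4158, 1073284
tcpreass: 20, 1352, 0, 169, 102841
tcp_inpcb: 264, 20640, 7331, 19, 3505894
tcpcb: 508, 20640, 18, 54, 3505894
tcptw: 60, 4158, 0, 126, 94001
tcpreass: 20, 1352, 0, 169, 17858
"""

# block = 0-based occurrence of the zone name, so repeated blocks stay distinct.
Zone = namedtuple("Zone", "block item size limit used free requests")
ROW = re.compile(r"^\s*([\w .-]+?):\s*(\d+),\s*(\d+),\s*(\d+),\s*(\d+),\s*(\d+)\s*$")

def parse_zones(text):
    """Return one Zone per data row; prompts, headers and blanks are skipped."""
    seen, zones = {}, []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        name = m.group(1)
        block = seen.get(name, 0)
        seen[name] = block + 1
        zones.append(Zone(block, name, *map(int, m.groups()[1:])))
    return zones

def classify(z, warn_ratio=0.9):
    """'exhausted' when USED has reached LIMIT with FREE at zero."""
    if z.limit == 0:
        return "ok"  # a limit of 0 is treated as "no cap" (assumption)
    if z.used >= z.limit and z.free == 0:
        return "exhausted"
    if z.used / z.limit >= warn_ratio:  # assumed early-warning threshold
        return "warning"
    return "ok"

def report(text, warn_ratio=0.9):
    """List (block, item, status) for every zone that is not 'ok'."""
    rows = [(z.block, z.item, classify(z, warn_ratio)) for z in parse_zones(text)]
    return [r for r in rows if r[2] != "ok"]
```

Run against saved CLI output on a schedule, a "warning" result gives time to plan the upgrade before management access is lost.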


  • 5.  RE: Cannot ssh to srx 240H2; port 22 is Listening but not process

    Posted 06-27-2016 23:21

    Thanks for the information.

    Regards

    Ray



  • 6.  RE: Cannot ssh to srx 240H2; port 22 is Listening but not process

    Posted 06-27-2016 23:28
    FYI,
    Two weeks ago we had an SSH issue that is close to yours, only ours was SSH terminated after 2-3 seconds, and the resolution was an upgrade; we upgraded to 12.1X46-D40.2 and the issue was fixed.
    There is no PR for this problem; tier 2 JTAC also didn't find any internal PR.