Cisco ASA – SCP causes orphaned ssh_init processes

Issue

This is a nasty little bug I found the other day, which hopefully you can avoid after reading this article.

When using SCP to copy a file over 100k to or from the ASA, the transfer stalls and then fails. This results in an orphaned ssh_init process. Each orphaned ssh_init process still occupies a CPU footprint, causing the overall CPU usage of the device to rise.

So if you try 3 or 4 times to get the transfer to work, you can easily end up adding 50-60% to the overall CPU of the box, which isn’t great if the box is already seeing a healthy amount of traffic. Unfortunately, the only method to clear these orphaned processes is to reboot the box.

On top of this, the ASA only permits a maximum of 5 SSH sessions, so should you have 5 orphaned ssh_init processes, you will be locked out from being able to SSH into the device.
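To check a device for this condition before the SSH session limit is reached, the added example below (not from the original article or from Cisco) counts ssh_init rows in saved `show processes cpu-usage` output and reports how many SSH sessions would remain. The column layout, the sample rows and the 5% threshold for treating a thread as a suspected orphan are assumptions.

```python
import re

MAX_SSH_SESSIONS = 5  # SSH session limit stated in the article

# Constructed sample. Assumed column layout: PC, Thread, 5Sec, 1Min, 5Min, Process.
SAMPLE = """\
PC         Thread       5Sec     1Min     5Min   Process
0x0827e731 0xc85c5bf4   0.0%     0.0%     0.0%   block_diag
0x08e0f9a4 0xc85b2a10  14.8%    15.1%    14.9%   ssh_init
0x08e0f9a4 0xc85b1d38  15.2%    15.0%    15.0%   ssh_init
0x08e0f9a4 0xc85b0f60  14.9%    14.7%    14.8%   ssh_init
0x0839c0d2 0xc85a7c44   2.1%     1.9%     2.0%   Dispatch Unit
"""

# One data row: two hex columns, three percentages, then the process name.
ROW = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(.+?)\s*$"
)


def ssh_init_report(text, process="ssh_init", min_5min=5.0):
    """Summarise ssh_init threads found in the captured output.

    A thread whose 5-minute CPU is at or above min_5min is treated as a
    suspected orphan (assumed heuristic: a stalled transfer keeps using CPU).
    """
    total, busy = 0, []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(6) != process:
            continue  # header, blank line, or another process
        total += 1
        five_min = float(m.group(5))
        if five_min >= min_5min:
            busy.append((m.group(2), five_min))
    return {
        "ssh_init_threads": total,
        "suspected_orphans": len(busy),
        "cpu_5min_pct": round(sum(cpu for _, cpu in busy), 1),
        "sessions_left": max(MAX_SSH_SESSIONS - len(busy), 0),
        "locked_out": len(busy) >= MAX_SSH_SESSIONS,
    }


if __name__ == "__main__":
    print(ssh_init_report(SAMPLE))
```
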

Solution

Either upgrade to 8.0(5.24) or 8.2(5), or avoid using SCP and use TFTP, FTP or HTTP instead.

Reference

Further details can be viewed at https://tools.cisco.com/bugsearch/bug/CSCtk34526

Rick Donato
