Cisco Secure Firewall Management Center Virtual Getting Started Guide

Troubleshooting

Overview

Learn about troubleshooting SSH connection failures in Firewall Management Center Virtual, including identifying corrupted SSH host key files caused by disk I/O errors and restoring access by regenerating keys and restarting the SSH service.

This section provides you with some basic troubleshooting steps related to your Firewall Management Center Virtual deployment on your virtual machine.

SSH Connection Failure

The Firewall Management Center Virtual is fully operational, with the user interface and console connection functioning correctly, except for the SSH connection. In certain scenarios, the SSH host key files might become corrupted during the initial boot of the Firewall Management Center Virtual, resulting in SSH connection failures.

You can check for the following indications that suggest an SSH connection failure:

  1. A disk I/O error might occur during the initial boot of the Firewall Management Center Virtual, specifically when the SSH daemon (sshd) is starting. This results in the SSH key files (ssh_host* files generated by sshd) being empty.

    ls -lrt /etc/ssh
    total 16
    -rw-r--r-- 1 root root 1746 Jan 17 23:31 ssh_config-openssh
    -rw-r--r-- 1 root root 6027 Jan 17 23:42 sshd_config
    -rw-r--r-- 1 root root 1293 Jan 17 23:42 ssh_config
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_dsa_key
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_dsa_key.pub
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_ecdsa_key
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_ecdsa_key.pub
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_ed25519_key
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_ed25519_key.pub
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_rsa_key
    -rw-r--r-- 1 root root    0 Jan 27 06:37 ssh_host_rsa_key.pub
  2. For the disk I/O issue, you can check the /var/log/messages file, which may contain erroneous data (indicating an I/O error) at around the same time that the SSH key files were generated.

To resolve the SSH failure that might occur during the initial boot of Firewall Management Center Virtual, as described above, you should perform the following steps:

  1. Log in to Firewall Management Center Virtual.

  2. Run the sudo reboot command in expert mode on the Firewall Management Center Virtual CLI to initiate a graceful reboot.

  3. Run the following commands to remove the empty SSH key files:
    cd /etc/ssh/
    rm ssh_host*
  4. Run the following commands to restart the sshd service so that it regenerates the SSH key files properly:
    /etc/rc.d/init.d/sshd stop
    /etc/rc.d/init.d/sshd start
    Note

    Follow these workaround steps only if you are certain that the SSH key files are empty. If you are uncertain, it is advisable to submit a TAC case for further investigation.
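
A read-only pre-check for the condition in the note above, as an added example that is not part of Cisco's guide: it confirms that every ssh_host* file is zero bytes before anything is removed. The function name check_host_keys and its return codes are assumptions made for this example, and it assumes a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the Cisco guide). It only reads; it never deletes.
# check_host_keys [DIR]   (hypothetical helper; DIR defaults to /etc/ssh)
#   returns 0: every ssh_host* file is zero bytes (the documented symptom)
#   returns 1: at least one ssh_host* file has content (do not remove; escalate)
#   returns 2: no ssh_host* files were found in DIR
check_host_keys() {
    dir=${1:-/etc/ssh}
    empty=0
    nonempty=0
    for f in "$dir"/ssh_host*; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$f" ] || continue
        if [ -s "$f" ]; then
            nonempty=$((nonempty + 1))
            echo "HAS CONTENT: $(ls -l "$f")"
        else
            empty=$((empty + 1))
            # The ls line shows the mtime to compare with /var/log/messages.
            echo "EMPTY:       $(ls -l "$f")"
        fi
    done
    echo "summary: $empty empty, $nonempty with content in $dir"
    if [ $((empty + nonempty)) -eq 0 ]; then
        return 2
    fi
    [ "$nonempty" -eq 0 ]
}

# Constructed demo: a scratch directory that mimics the listing above.
demo=$(mktemp -d)
: > "$demo/ssh_host_rsa_key"
: > "$demo/ssh_host_rsa_key.pub"
check_host_keys "$demo" && echo "all host key files are empty"
rm -rf "$demo"
```

On the appliance, call `check_host_keys /etc/ssh` and continue with the removal step only when it returns 0; a return of 1 is the "uncertain" case that the note sends to TAC.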