Fading Coder

One Final Commit for the Last Sprint

Home > Tech > Content

Enabling Debug Logging for SSH Connections

Tech 1

The standard basic SSH connection command follows the format ssh <remote_username>@<remote_host>, for example:

ssh root@demo.example.com

To enable dteailed debug output for troubleshooting SSH connecitons, add the -v verbose flag to the command:

ssh -v root@demo.example.com

A sample debug session output is shown below:

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to demo.example.com [10.0.0.15] port 22.
debug1: Connection established.
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: identity file /home/root/.ssh/id_ecdsa type 3
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to demo.example.com:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BXJcbrSOLohgyh8cA2aERBdEf3YCD8b5lUQdcK9ypYg
debug1: Host 'demo.example.com' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:3934
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
These computer resources, specifically Internet access and E-mail, are
provided for authorized users only. For legal, security and cost
reasons, utilization and access of resources are monitored and recorded
in log files. All information (whether business or personal) that is
created, received, downloaded, stored, sent or otherwise processed can
be accessed, reviewed, copied, recorded or deleted by Example Corp, in
accordance with approved internal procedures, at any time if deemed
necessary or appropriate, and without advance notice. Any evidence of
unauthorized access or misuse of Example Corp resources may result in
disciplinary actions, including termination of employment or assignment,
and could subject a user to criminal prosecution. Your use of Example Corp's
computer resources constitutes your consent to Example Corp's Policies and
Directives, including the provisions stated above.

IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY

You are connected to: demo.example.com
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:319721)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:319721)

debug1: Next authentication method: publickey

Two criticla debug lines highlight where SSH loads its configuration files:

debug1: Reading configuration data /home/root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config

The first line loads the per-user SSH configuration from the current user's home directory, while the second loads the system-wide SSH configuration file.

Tags: SSHdebug loggingsystem administrationtroubleshooting
Back to List

Prev: Evaluating Reverse Polish Notation and Implementing Sliding Window Max and Top K Frequent Elements Using Stacks and Queues

Next: Essential Pandas Tricks for Everyday Data Analysis

Related Articles

Understanding Strong and Weak References in Java

Strong References Strong reference are the most prevalent type of object referencing in Java. When an object has a strong reference pointing to it, the garbage collector will not reclaim its memory. F...

Comprehensive Guide to SSTI Explained with Payload Bypass Techniques

Introduction Server-Side Template Injection (SSTI) is a vulnerability in web applications where user input is improper handled within the template engine and executed on the server. This exploit can r...

Implement Image Upload Functionality for Django Integrated TinyMCE Editor

Django’s Admin panel is highly user-friendly, and pairing it with TinyMCE, an effective rich text editor, simplifies content management significantly. Combining the two is particular useful for bloggi...

Leave a Comment

Anonymous

◎Feel free to join the discussion and share your thoughts.

Copyright © fadingcoder.top