Configuring sshd in debug mode.

Technote (FAQ)

This document applies only to the following language version(s):

US English

Question

How to setup sshd in debug mode (5.2/5.3/6.1).

Answer

To troubleshoot ssh problems, it may be necessary to turn on debugging. This document

covers the steps on how to do this.

How to put sshd in debug.

To setup sshd in debug, we must stop the daemon, and restart it with debug flags.

NOTE:  sshd will only accept a single connection while it is in debug mode.

1. Stop sshd and start script to record console output, restart sshd.

#stopsrc -s sshd

#script /tmp/ssh.debug

# /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 163
debug2: parse_server_config: config /etc/ssh/sshd_config len 163
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:110 setting Subsystem sftp /usr/sbin/sftp-server
debug1: sshd version OpenSSH_4.7p1
...
...

...

You should see debug messages similar to the ones above, sshd is now in debug mode waiting for a connection.

2. At this time try to connect with the problematic user.

From a client the user can issue the ssh login command in debug mode.

# script /tmp/ssh-debug.client

# ssh -vvv user@hostname

You should see more debug messages scroll on the console as you try to login.

Once you have replicated the problem, enter the following on sshd server:

#Crtl^C

#Ctrl^D

This will end sshd debug session and the script.

3. Restart the sshd binary.

#startsrc -s sshd

#lssrc -s sshd
Subsystem Group PID Status
sshd ssh 577626 active

You can now review the debug output of /tmp/ssh.debug and /tmp/ssh-debug.client for possible clues and errors.