How do I enable basic SSH debugging?

Use the command 'ssh -v user@host' to see basic debug output. It is helpful for quick diagnosis of SSH connection issues.

What does 'ssh -vv' show?

Running 'ssh -vv user@host' displays more detailed output during the SSH handshake and authentication process.

What is the purpose of 'ssh -vvv'?

'ssh -vvv user@host' enables maximum verbosity, showing complete debug output including cipher negotiation, packet transmission, and authentication steps.

HiddenSSH - Secure OpenSSH Hardening

Debug

Debugging SSH Problems

SSH provides verbose debugging options to troubleshoot connection issues:

Shows basic debugging, — use this for quick connection diagnostics useful for quick troubleshooting.

ssh -v user@host

Displays detailed debug output, — useful for examining SSH handshake and authentication phases including authentication steps.

ssh -vv user@host

Enables maximum verbosity, — shows every step of the connection setup including cipher negotiation and packet flow showing in-depth connection details, cipher negotiation, and packet exchanges.

ssh -vvv user@host

Shows SSH auth logs, — useful for debugging failed logins, rejected keys, PAM issues, and sudo events from /var/log/secure for server-side SSH troubleshooting.

sudo tail -f /var/log/secure

Create custom SSH-only logs, — writes sshd events into a dedicated JSON-formatted log file using rsyslog for cleaner server-side SSH troubleshooting.

sudo nano /etc/rsyslog.d/30-sshd-to-file.conf

# location:
# /etc/rsyslog.d/30-sshd-to-file.conf
#
# touch /location/sshd-node1.log
# chmod 0600 /location/sshd-node1.log
# chown root:root /location/sshd-node1.log
#
# < SELinux specific Section >
# semanage fcontext -a -t var_log_t '/location/sshd-node1.log'
# restorecon -Rv /location/sshd-node1.log
#
# systemctl restart rsyslog
# logger -p authpriv.notice -t sshd "sshd rsyslog test"
# tail -n 5 /location/sshd-node1.log

template(name="sshd_json" type="list") {
  constant(value="{")
    constant(value="\"ts\":\"")          property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")     property(name="hostname")
    constant(value="\",\"ip\":\"")       property(name="fromhost-ip")
    constant(value="\",\"app\":\"")      property(name="app-name")
    constant(value="\",\"pid\":\"")      property(name="procid")
    constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
    constant(value="\",\"msg\":")        property(name="msg" format="json")
  constant(value="}\n")
}

if ($programname == "sshd") then {
  action(type="omfile" file="/location/sshd-node1.log" template="sshd_json")
  stop
}