• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Enable ssh/sshd Debugging for Solaris

By admin

This post will show how to put ssh (the client command) and sshd (the server daemon) into debug mode in order to troubleshoot authorization and connection problems. This debug output will be requested by Oracle/Sun technical support agents for ssh/sshd authorization and connection issues when opening service requests.

Steps to Follow

Configure the sshd daemon to run single threaded in debug mode. You have the choice of either:

1. stopping the active sshd on the system so that an sshd running in debug mode can be started.

-OR-

2. starting a new sshd instance running in debug mode on a free port other than port 22. The example below is for starting a new sshd on a different port (2222 in this case) in debug mode:

ssh_server# /usr/lib/ssh/sshd -p 2222 -ddd
debug1: sshd version Sun_SSH_1.1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222

here the output will stop until a client connection on port 2222 is initiated. now that the server is ready to accept a connection; start the debug session from the ssh client:

root@sshclient# /usr/bin/ssh -p 2222 -vvv 192.168.100.33
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.100.33 [192.168.100.33] port 2222.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug2: . . (snipped for brevity)

Note: the debug output will scroll. Complete (or attempt to complete) the login session so that debug will display on both sides.

for sftp testing use -o options with sftp to specify Port.

# sftp -oPort=2222 192.168.100.33

For more detailed debugging, truss can be used to capture system calls and signals.

On the server

# truss -aefdl -rall -wall -vall -xall -o /var/tmp/sshd.truss /usr/lib/ssh/sshd -p 2222 -ddd

On the client

# truss -aefdl -rall -wall -vall -xall -o /var/tmp/ssh.truss /usr/bin/ssh -p 2222 -vvv 192.168.100.33

Once the connection is made, the server debug window will continue to output debug data:

debug1: Server will not fork when running in debugging mode.
Connection from 192.168.100.33 port 56939
debug1: Client protocol version 2.0; client software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug2: (snipped for brevity)

cut/paste, save and provide the debug output from BOTH sides.

Filed Under: Solaris

Some more articles you might also be interested in …

  1. How to add Additional Storage Space Created from Dynamic LUN Expansion in ZFS online
  2. How to Use the Oracle Solaris Fast Crash Dump Feature
  3. The ultimate Solaris sendmail troubleshooting guide
  4. How to Import Zpool and Mount of BE When Booted From Alternate Device in Solaris 11
  5. Complete Hardware Reference : SPARC T5-2 / T5-4 / T5-8
  6. Solaris ZFS : How to Create / Rename / Rollback / Destroy a ZFS Snapshot
  7. Solaris Zone Install Fails With Cpio Error
  8. Solaris beginners guide to NFS
  9. A beginners guide to Veritas Dynamic Multipathing (VxDMP)
  10. A beginners guide to Service Management Facility (SMF) in Solaris

You May Also Like

Primary Sidebar

Recent Posts

  • How to set the default character set in MySQL and how to propagate it in a master-master replication scenario
  • “Connection reset by peer” – error while ssh into a CentOS/RHEL system with a specific user only
  • MySQL: how to figure out which session holds which table level or global read locks
  • Recommended Configuration of the MySQL Performance Schema
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary