Logging and Debugging

As an SSH server runs, it optionally produces log messages to describe what it’s doing. Log messages aid the system administrator in tracking the server’s behavior and detecting and diagnosing problems. For example, if a server is mysteriously rejecting connections, one of the first places to look is the server’s log output.

By default, the SSH server writes log messages to syslog , the standard Unix logging service (see the sidebar, "The Syslog Logging Service“). For example, an SSH server typically announces its startup with log messages like:[86]

    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.

and a connection from a client is recorded with log messages like:

    session opened for user rebecca by (uid=9005)
    Accepted publickey for rebecca from 10.1.2.3 port 1265
    ssh2 session closed for user rebecca

The SyslogFacility keyword specifies how the SSH server tags log messages:

    SyslogFacility LOCAL3

The value is one of the (case-insensitive) syslog facility codes, and the default is AUTH.

The Syslog Logging Service

Syslog is the standard Unix logging service. Programs send their log messages to the syslog daemon, syslogd, which forwards them to other destinations such as files, the system console, or even other machines. Destinations are specified in the syslog configuration file, /etc/syslog.conf.

Messages received by syslogd are processed according to their facility, which indicates their origin. Standard syslog facilities ...

Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial