Logging and Debugging

As an SSH server runs, it optionally produces log messages to describe what it’s doing. Log messages aid the system administrator in tracking the server’s behavior and detecting and diagnosing problems. For example, if a server is mysteriously rejecting connections, one of the first places to look is the server’s log output.

By default, the SSH server writes log messages to syslog , the standard Unix logging service (see the sidebar, "The Syslog Logging Service“). For example, an SSH server typically announces its startup with log messages like:[86]

    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.

and a connection from a client is recorded with log messages like:

    session opened for user rebecca by (uid=9005)
    Accepted publickey for rebecca from 10.1.2.3 port 1265
    ssh2 session closed for user rebecca

The SyslogFacility keyword specifies how the SSH server tags log messages:

    SyslogFacility LOCAL3

The value is one of the (case-insensitive) syslog facility codes, and the default is AUTH.

Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.