Troubleshooting


Troubleshooting

Log files

There are several places to look for clues when you have a problem connecting with ssh or scp. First look for sshd entries in /var/log/secure and /var/log/messages on the server. Following are messages you may see when you are using an AllowUsers declaration but have not included the user who is trying to log in (page ): 

# grep sshd /var/log/secure
grape sshd[16]: User sam not allowed because not listed in AllowUsers
grape sshd[16]: Failed password for illegal user sam from 192.168.0.6 port 59276 ssh2

The next messages originate with PAM (page ) and indicate that the user is not known to the system: 

# grep sshd /var/log/messages
grape sshd(pam_unix)[2817]: check pass; user unknown
grape sshd(pam_unix)[2817]: authentication failure; logname= uid=0
euid=0 tty=NODEVssh ruser= rhost=peach.sobell.com

Debug the client

If entries in these files do not help solve the problem, try connecting with the v option (either ssh or scpthe results should be the same). OpenSSH displays a lot of messages and one of them may help you figure out what the problem is. 

$ ssh -v grape
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to grape [192.168.0.3] port 22.
debug1: Connection established.
debug1: identity file /home/sam/.ssh/identity type -1
debug1: identity file /home/sam/.ssh/id_rsa type 1
...
debug1: Host 'grape' is known and matches the RSA host key.
debug1: Found key in /home/sam/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
...
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/sam/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
sam@grape's password:

Debug the server

You can debug from the server side by running sshd with the de options. The server will run in the foreground and its display may help you solve the problem.