Friday, July 31, 2015

Enabling debugging in OpenSSH client and server

Assumptions :
     1.) Linux Debian based configuration files are used. (OpenSSH_5.5p1 Debian-6+squeeze5)

SSH Server :

1.) Update the /etc/init.d/ssh file to add the debug option to SSHD_OPTS.


#diff /etc/init.d/ssh /etc/init.d/ssh.orig

30d29
< SSHD_OPTS="$SSHD_OPTS -ddd"
#
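
Review bot: line 30 of /etc/init.d/ssh appends -ddd to SSHD_OPTS unconditionally, so every start of the service through this init script runs sshd in debug mode. Per the sshd(8) text quoted under Reference, the server then stays in the foreground, does not fork and processes only one connection. Suggest marking the line as temporary with a comment, or making it conditional on a variable, and restoring /etc/init.d/ssh.orig once the debugging session is over.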

2.) Restart the ssh service on the server.

# service ssh --full-restart
Stopping OpenBSD Secure Shell server: sshd.
Starting OpenBSD Secure Shell server: sshddebug1: sshd version OpenSSH_5.5p1 Debian-6+squeeze5
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
.....
.....



SSH Client :

1.) Start the ssh client with verbose options enabled.


$ ssh -vvv USERNAME@SERVER_IP_ADDRESS
OpenSSH_5.5p1 Debian-6+squeeze5, OpenSSL 0.9.8zc 15 Oct 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to SERVER_IP_ADDRESS port 22.
debug1: Connection established.
debug1: identity file /h/palsarav/.ssh/id_rsa type -1
debug1: identity file /h/palsarav/.ssh/id_rsa-cert type -1
debug1: identity file /h/palsarav/.ssh/id_dsa type -1
debug1: identity file /h/palsarav/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze5
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
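
A small filter for the client trace above, as an added example that is not part of the original post: it counts lines per debug level and pulls out the remote software version, the identity files reported as type -1, and the first two kex_parse_kexinit lists. The function names and the reading of those two lists as the local key exchange and host key proposals are assumptions; the sample lines are copied from the trace above.

```shell
#!/bin/sh
# Added example: summarize an `ssh -vvv` trace read from stdin.
# Real use: ssh -vvv USERNAME@SERVER_IP_ADDRESS 2>&1 | summarize_ssh_debug
# (ssh writes its debug messages to stderr, hence the 2>&1)

summarize_ssh_debug() {
    awk '
    /^debug[123]: / { lvl[substr($1, 6, 1)]++ }     # lines per debug level
    /^debug1: Remote protocol version/ {
        remote = $0
        sub(/^.*remote software version /, "", remote)
    }
    # type -1: ssh could not load a public key from this path
    /^debug1: identity file .* type -1$/ { missing[++m] = $4 }
    # Assumption: the first two kex_parse_kexinit lines are the local
    # proposal for key exchange and host key algorithms, in that order.
    /^debug2: kex_parse_kexinit: / {
        k++
        if (k == 1) kex = $3
        if (k == 2) hostkey = $3
    }
    END {
        printf "levels: debug1=%d debug2=%d debug3=%d\n", lvl[1], lvl[2], lvl[3]
        print "remote: " remote
        for (i = 1; i <= m; i++) print "identity not loaded: " missing[i]
        n = split(kex, a, ",");     for (i = 1; i <= n; i++) print "kex: " a[i]
        n = split(hostkey, a, ","); for (i = 1; i <= n; i++) print "hostkey: " a[i]
    }'
}

# Sample input: lines copied from the client trace in this post.
sample_trace() {
    cat <<'EOF'
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connection established.
debug1: identity file /h/palsarav/.ssh/id_rsa type -1
debug1: identity file /h/palsarav/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
EOF
}

sample_trace | summarize_ssh_debug
```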


Reference :
1.)
sshd(8) - Linux man page 

Synopsis
sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
 
sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these programs replace rlogin(1) and rsh(1), and provide secure encrypted communications between two untrusted hosts over an insecure network.
sshd listens for connections from clients. It is normally started at boot from /etc/rc. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange.

-d
 Debug mode. The server sends verbose debug output to the system log, and does not put itself in the background. The server also will not fork and will only process one connection. This option is only intended for debugging for the server. Multiple -d options increase the debugging level. Maximum is 3.

2.)
SSH(1)                                                             BSD General Commands Manual                                                            SSH(1)

NAME
     ssh - OpenSSH SSH client (remote login program)

SYNOPSIS
     ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D  [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11]
         [-i identity_file] [-L  [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R
         [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

      -v      Verbose mode.  Causes ssh to print debugging messages about its progress.  This is helpful in debugging connection, authentication, and
             configuration problems.  Multiple -v options increase the verbosity.  The maximum is 3.