skip to Main Content
Debugging SSH On Your VPS From A Mac

Debug SSH Server Access by Mac

Sometimes you run into issues ssh-ing into a remote VPS using your keys /  public key. Sometimes all you see in the server logs will be something like

Jun 26 14:55:33 server-name sshd[3927]: Connection closed by xxx.xxx.xxx.xxx port 53573 [preauth]

Now that is not very useful. So how can you get the user that is having issues ssh-ing into your server to get the necessary debug information? How to debug ssh server access by Mac. Let’s look at both the client and server side shall we?

Adding Keys to Keychain

When you are running the ssh client on a Mac client make also sure to do a:

 ssh-add -K

to add the key to your keychain in MacOS on your Mac box. This is something you do on the user’s box so client side.

Verbose SSH client logging

Nex when you want to try ssh-ing into the remote server run this command:

ssh user@domain.com -vvv

for ssh with verbose output. This way you will get way more details on the issues you may be having.

Known Hosts

At the first connection choose yes to add the server’s key to you known hosts file at

/Users/user-name/.ssh/known_hosts

Otherwise the connection will fail. Sometimes this is forgotten in the heat of the moment. Also if you server settings changed you may have to remove the old known host and re-add it on the next connection.

Server Side SSH Debugging

When necessary you can start server side SSH debugging as well using:

 /usr/sbin/sshd -d -p 2222

and then you can check any incoming traffic on that port for issues. Do make sure you are ssh-ing into that port then. Otherwise nothing will be recorded. You can do that using:

ssh -p 2222 user@domain.com -vvv

That way you use the port from the client the server is listening at and you should then be able to get all the debug information you need.

Well, this should help you work things out pretty well. Some users have issues with authorized_keys files on the server. Either permissions on the file or issues with keys stored in them. Debugging as suggested should help you work things out.

NB ssh-keygen -t ecdsa -b 521 is better then just ssh-keygen -t rsa, but ssh-keygen -t rsa -b 4096 is way more secure these days

Jasper

Been working with WordPress, SEO, content marketing and the web for 12+ years. When I am not coding, reading about the web or dreaming the web of things I travel or run a few blocks

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top