Salesforce

KB-4276: How to enable SSH trace and Putty logs

Printable View
« Go Back

Information

 
TitleKB-4276: How to enable SSH trace and Putty logs
URL NameKB-4276-How-to-enable-SSH-trace-and-Putty-logs
Knowledge Article TypeHow To’s
Article TypeKnowledge
ArticleType 
ProductAuthentication Service
Component 
Version5.1.3; 5.1.2; 5.1.1; 5.1.0; 5.0.1; 4.0.0; 4.1.0; 4.1.1; 4.1.2; 4.2; 4.2.1; 4.2.2; 4.3.0; 4.3.1; 4.4.0; 4.4.1; 4.4.2; 4.4.3; 4.4.4; 5.0; 5.0.2; 5.0.3; 5.0.4; 5.0.5
Tagsssh putty openssh
Internal Comments
Article Edits
Bug #
Solution ID
Knowledge Base Article Details
Applies to: All versions of Centrify DirectControl. 

Question:
How to enable SSH trace and Putty debug in Centrify OpenSSH/Stock SSH and Centrify Putty/stock Putty?

Answer:
A) If using Centrify Putty or Stock Putty
  • Configuring PuTTY Debug Logs: 
    • From the PuTTY Configuration, in the left pane, click on "Logging" under "Session". 
    • On the right, ensure "Log all session output" or "Log SSH packet data" is selected. 
    • Note the path to the log file - this needs to be sent along with the sshd logs. 


B) If using Unix/Linux SSH client (as opposed to Putty):
  • Configuring ssh Debug Logs (at the Unix shell)
    • Add "-vvv" (three "v" characters) to the target ssh command, for example:
      • #ssh -vvv <any additional options> 
    • (Where <any additional options> means the server name, username, etc.
    • The debug information will be output directly to the screen and needs to be copy and pasted out.


C) Configuring OpenSSHd Debug Logs/SSH trace 
  1. Verify if running stock sshd or Centrify's OpenSSH by running as root:
    • #ps -ef |grep sshd
      • If Centrify's OpenSSH, it should look like:
        • root 254202 155822   0   Apr 08      -  0:00 /usr/share/centrifydc/sbin/sshd
      • If stock SSH, it should look like:
        • root     12427     1  0 Feb15        00:00:04 /usr/sbin/sshd
  2. Start Centrify sshd in debug mode, using the full path and specifying a different port number like 2022, and the following options:
    • #/usr/share/centrifydc/sbin/sshd –ddde –p 2022 > sshd.log 2>&1 
      • If stock ssh, use:
    • #/usr/sbin/sshd –ddde –p 2022 > sshd.log 2>&1 
  3. Enable Centrify Debugging
    • #/usr/share/centrifydc/bin/addebug on
    • #/usr/share/centrifydc/bin/addebug clear
  4. Make sure /var/log/centrifydc.log is growing in size.
    • Open Putty and specify the port number that was used in Step 2.  
    • Attempt login (SSO or interactive login) and let it fail.
    • This step will collect debug logs for one ssh login attempt only.
    • When exiting the ssh/Putty session (please do NOT do Control C), it will return to the command prompt from Step 2. 
    • Minor note:
      • The command prompt does not always return after exiting PuTTY, this is a minor behaviour in the shell refresh itself.
      • Click the Enter key and it will return the command prompt. 
  5. Send in the following:
    • a) /tmp/sshd.log (May also be in the directory where the command was run in Step 2.) 
    • b) /var/log/centrifydc.log (To turn off debugging use: /usr/share/centrifydc/bin/addebug off)
    • c) /var/log/centrify_client.log
    • d) Putty / SSH client logs


See also:
Created ByAndrea Roberson
Solution CreatorAndrea Roberson
DraftNot Checked
LithiumId
Lithium_Board_Id
Lithium_View_Href
Tags 
Category 
ArticleImage
Known IssuesNot Checked
Powered by