Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4276: How to enable SSH trace and Putty logs

Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

26 August,16 at 06:50 PM

Applies to: All versions of Centrify DirectControl. 

Question:
How to enable SSH trace and Putty debug in Centrify OpenSSH/Stock SSH and Centrify Putty/stock Putty?

Answer:
A) If using Centrify Putty or Stock Putty
  • Configuring PuTTY Debug Logs: 
    • From the PuTTY Configuration, in the left pane, click on "Logging" under "Session". 
    • On the right, ensure "Log all session output" or "Log SSH packet data" is selected. 
    • Note the path to the log file - this needs to be sent along with the sshd logs. 


B) If using Unix/Linux SSH client (as opposed to Putty):
  • Configuring ssh Debug Logs (at the Unix shell)
    • Add "-vvv" (three "v" characters) to the target ssh command, for example:
      • #ssh -vvv <any additional options> 
    • (Where <any additional options> means the server name, username, etc.
    • The debug information will be output directly to the screen and needs to be copy and pasted out.


C) Configuring OpenSSHd Debug Logs/SSH trace 
  1. Verify if running stock sshd or Centrify's OpenSSH by running as root:
    • #ps -ef |grep sshd
      • If Centrify's OpenSSH, it should look like:
        • root 254202 155822   0   Apr 08      -  0:00 /usr/share/centrifydc/sbin/sshd
      • If stock SSH, it should look like:
        • root     12427     1  0 Feb15        00:00:04 /usr/sbin/sshd
  2. Start Centrify sshd in debug mode, using the full path and specifying a different port number like 2022, and the following options:
    • #/usr/share/centrifydc/sbin/sshd –ddde –p 2022 > sshd.log 2>&1 
      • If stock ssh, use:
    • #/usr/sbin/sshd –ddde –p 2022 > sshd.log 2>&1 
  3. Enable Centrify Debugging
    • #/usr/share/centrifydc/bin/addebug on
    • #/usr/share/centrifydc/bin/addebug clear
  4. Make sure /var/log/centrifydc.log is growing in size.
    • Open Putty and specify the port number that was used in Step 2.  
    • Attempt login (SSO or interactive login) and let it fail.
    • This step will collect debug logs for one ssh login attempt only.
    • When exiting the ssh/Putty session (please do NOT do Control C), it will return to the command prompt from Step 2. 
    • Minor note:
      • The command prompt does not always return after exiting PuTTY, this is a minor behaviour in the shell refresh itself.
      • Click the Enter key and it will return the command prompt. 
  5. Send in the following:
    • a) /tmp/sshd.log (May also be in the directory where the command was run in Step 2.) 
    • b) /var/log/centrifydc.log (To turn off debugging use: /usr/share/centrifydc/bin/addebug off)
    • c) /var/log/centrify_client.log
    • d) Putty / SSH client logs


See also:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.