Debug SSH Server Access by Mac

Sometimes you run into issues ssh-ing into a remote VPS using your public key. Sometimes all you see in the server logs is something like

Jun 26 14:55:33 server-name sshd[3927]: Connection closed by xxx.xxx.xxx.xxx port 53573 [preauth]

Now that is not very useful. So how can you get the user who is having issues ssh-ing into your server to collect the necessary debug information? Here is how to debug SSH server access from a Mac. Let’s look at both the client and server side, shall we?

Adding Keys to Keychain

When you are running the ssh client on a Mac, also make sure to run:

 ssh-add -K

to add the key to your keychain in macOS. This is something you do on the user’s box, so client side.

Verbose SSH client logging

Next, when you want to try ssh-ing into the remote server, run this command:

ssh user@domain.com -vvv

for ssh with verbose output. This way you will get way more details on the issues you may be having.

Known Hosts

At the first connection, choose yes to add the server’s key to your known hosts file at

/Users/user-name/.ssh/known_hosts

Otherwise the connection will fail. Sometimes this is forgotten in the heat of the moment. Also, if your server settings changed, you may have to remove the old known host entry and re-add it on the next connection.

Server Side SSH Debugging

When necessary you can start server side SSH debugging as well using:

 /usr/sbin/sshd -d -p 2222

and then you can check any incoming traffic on that port for issues. Do make sure you are ssh-ing into that port then. Otherwise nothing will be recorded. You can do that using:

ssh -p 2222 user@domain.com -vvv

That way the client connects to the port the server is listening on, and you should then be able to get all the debug information you need.

Well, this should help you work things out pretty well. Some users have issues with authorized_keys files on the server: either the permissions on the file or the keys stored in it. Debugging as suggested should help you work things out.
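For the authorized_keys permission problems mentioned above, here is an added example (not part of the original post) that checks the three paths sshd inspects when StrictModes is on, which is its default: the home directory, .ssh and authorized_keys must be owned by the user or root and must not be writable by group or others. The function names is_loose, bad_owner and check_ssh_perms are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the ownership/mode rules sshd applies
# to key files when StrictModes is enabled. Function names are hypothetical.
# Usage on the server: check_ssh_perms /home/user-name [numeric-uid]

# is_loose PATH -> true if PATH is writable by group or others (mode & 022)
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# bad_owner PATH UID -> true if PATH is owned by neither UID nor root
bad_owner() {
    [ -n "$(find "$1" -prune ! -user "$2" ! -user 0 2>/dev/null)" ]
}

# check_ssh_perms HOME_DIR [UID]
# Prints one line per problem; the return status is the number of problems.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"
            problems=$((problems + 1))
            continue
        fi
        if bad_owner "$p" "$uid"; then
            echo "BAD OWNER  $p (expected uid $uid or root)"
            problems=$((problems + 1))
        fi
        if is_loose "$p"; then
            echo "LOOSE MODE $p (group/other writable, fix with chmod go-w)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

A status of 0 means permissions are not the cause, so look at the key lines in authorized_keys and the sshd -d output instead.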

NB: ssh-keygen -t ecdsa -b 521 is better than just ssh-keygen -t rsa, but ssh-keygen -t rsa -b 4096 is way more secure these days.

Jasper Frumau
