Sometimes you run into issues ssh-ing into a remote VPS using your keys / public key. Sometimes all you see in the server logs will be something like
Jun 26 14:55:33 server-name sshd: Connection closed by xxx.xxx.xxx.xxx port 53573 [preauth]
Now that is not very useful. So how can you get the user that is having issues ssh-ing into your server to get the necessary debug information? How to debug ssh server access by Mac. Let’s look at both the client and server side shall we?
Adding Keys to Keychain
When you are running the ssh client on a Mac client make also sure to do a:
to add the key to your keychain in MacOS on your Mac box. This is something you do on the user’s box so client side.
Verbose SSH client logging
Nex when you want to try ssh-ing into the remote server run this command:
ssh firstname.lastname@example.org -vvv
for ssh with verbose output. This way you will get way more details on the issues you may be having.
At the first connection choose yes to add the server’s key to you known hosts file at
Otherwise the connection will fail. Sometimes this is forgotten in the heat of the moment. Also if you server settings changed you may have to remove the old known host and re-add it on the next connection.
Server Side SSH Debugging
When necessary you can start server side SSH debugging as well using:
/usr/sbin/sshd -d -p 2222
and then you can check any incoming traffic on that port for issues. Do make sure you are ssh-ing into that port then. Otherwise nothing will be recorded. You can do that using:
ssh -p 2222 email@example.com -vvv
That way you use the port from the client the server is listening at and you should then be able to get all the debug information you need.
Well, this should help you work things out pretty well. Some users have issues with authorized_keys files on the server. Either permissions on the file or issues with keys stored in them. Debugging as suggested should help you work things out.
NB ssh-keygen -t ecdsa -b 521 is better then just ssh-keygen -t rsa, but ssh-keygen -t rsa -b 4096 is way more secure these days