Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SSH Connections - Additional Logging and Visibility of Errors

See original GitHub issue


I’m planning on using ssh-audit in a production environment and would like to be able to demonstrate and record how aggressive a typical audit is.

Currently verbose output only shows the initial SSH connection that’s made to a target server:

However an audit actually makes multiple connections to a target server:

  1. The initial connection: main --> audit --> err = s.connect()

  2. Obtaining host key(s): main --> audit -->, kex) run --> perform_test --> err = s.connect() (err = s.connect() runs once per key type [rsa, ed25519, etc])

  3. Performing DH group exchange: main --> audit -->, kex) run --> GEXTest.reconnect --> err = s.connect() (GEXTest.reconnect runs once per group-exchange alg and once per modulus length for each group-exchange alg)

@jtesta Would you be happy to entertain the idea of adding some additional logging so that each SSH connection is output? If that sounds OK, do you want this to be added to the existing verbose output or would it be more appropriate to add a new --debug parameter?


When obtaining host key(s) and performing DH group exchange, if s.connect() or get_banner() produce an error then currently the error message is suppressed:

Should we at least display a warning rather than hiding errors?

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:8 (8 by maintainers)

github_iconTop GitHub Comments

jtestacommented, Mar 2, 2021

Thanks for the PR! I merged it and then made a small change: SSH_Socket() now takes an OutputBuffer so that all its methods can use it without having to pass it in every time.

Is there any additional logging you want to add to Debug?

There’s LOTS of debugging output we can potentially generate. I figure we’ll add it in as needed. I’d be happy to accept debugging lines if you find them helpful.

Thanks again!

thecliguycommented, Mar 2, 2021

@jtesta I’ve submitted a PR, see #99.

When a debug parameter (-d/--debug) is passed, both Verbose and Debug output is displayed.

Please can you give me your feedback and suggestions?

Is there any additional logging you want to add to Debug?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Enable Debugging Mode in SSH to Troubleshoot Connectivity ...
In this article, we will show you how to turn on debugging mode while running SSH in Linux. This will enable you to...
Read more >
How to View SSH Logs? - StrongDM
sshd is the Secure Shell Daemon, which allows remote access to the system. In this article, we'll look at how to view ssh...
Read more >
How to Monitor and Visualize Failed SSH Access Attempts to ...
This blog post focuses on how to log and create alarms on invalid Secure Shell (SSH) access attempts. Implementing live monitoring and session...
Read more >
Troubleshooting Linux SSH Login Delay - Why does logging ...
The TCP-level connection is successfully established; The SSH application-level handshake continues; The SSH client sends a packet to the server ...
Read more >
Remote Logging with SSH and Syslog-NG
The first step is to get the SSH tunnel set up between the two machines. My personal preference is to originate the SSH...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found