Solved

how can i stop and start ssh with debug and write out a log to a specific text file in AIX UNIX

Posted on 2011-03-02
7
1,216 Views
Last Modified: 2013-11-17
Hello i have got the following request, please assist with it. I believe Tectia is an ssh team.

"TECTIA is requesting the SSH server in the Unix side (AIX SERVER), be stopped
and restarted with DEBUG and have the server write out the log to a
specific text file "logfile.txt" that can be forwrded to them. "

Please assist me with figuring out how i can stop and start ssh with debug and write out a log to a specific text file.
How can i enable and disable debug mode
Thanks.
0
Comment
Question by:assistunix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 7

Accepted Solution

by:
jackiechen858 earned 250 total points
ID: 35024440
what version AIX are you using?

do a  "lslpp -l | grep ssh" , most likely you will see

 openssh.base.server    


that means you are using openssh.

do a "lslpp -f openssh.base.server"  , this will list all the files in openssh.base.server package.

you will see :
openssh.base.server
                        /etc/ssh/sshd_config
/etc/rc.d/rc2.d/Ssshd ( the script to start/stop sshd)





/etc/ssh/sshd_config is the file you need to modify.

change
#SyslogFacility AUTH
#LogLevel INFO
to
#SyslogFacility AUTH
LogLevel DEBUG

the log file location is controlled by  vi /etc/syslog.conf

add/modify it as :
auth.debug /tmp/logfile.txt


You need to restart sshd.
stop:
/etc/rc.d/rc2.d/Ssshd stop
start:
/etc/rc.d/rc2.d/Ssshd start

be sure you are using console or telnet to access the server before you stop sshd.


















0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 250 total points
ID: 35024885
You should not forget to create the logfile if it doesn't exist yet and to restart syslogd if you made configuration changes.

- create the logfile, if you configured a new one: touch /tmp/logfile.txt
- restart syslogd: refresh -s syslogd

If you don't want to change sshd_config permanently do the suggested changes/additions to /etc/syslog.conf, then

- stop sshd: stopsrc -s sshd
-- no need to use telnet for this. Existing ssh sessions will not be affected.
- start sshd with the new option: startsrc -s sshd -a "-o loglevel=debug"

If logging is no longer needed just stop sshd and start it without the loglevel option:

stopsrc -s sshd
startsrc -s sshd

wmp
0
 

Author Comment

by:assistunix
ID: 35032981
Thank you for that.
Can you tell me what output following commands put in logfile.txt /usr/sbin/sshd -d -d -d 2> logfile.txt

Is this command /usr/sbin/sshd -d -d -d 2> logfile.txt
equivalent to your process of stopping and starting ssh with DEBUG
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35034461
Not quite equivalent!

Your command will indeed force sshd to write debug messages to the system log (the more "-d" flags the more detail in the output.)
This means that you will have to configure syslog anyway regardless of the method used.

"logfile.txt" in your example will only contain startup and termination messages, not the full debugging output, which goes, as stated, to syslog.

But attention: When started with "-d" sshd will not go into background automatically, it will not fork, so only one single connection is accepted, and sshd will terminate when this connection ends.

So the "-d" feature is only meant for a one-time debugging run. For longer-term recording of debugging messages and for debugging of multiple (maybe parallel) sessions you should use the "option loglevel" method instead of the "-d flag" method.

wmp
0
 

Author Comment

by:assistunix
ID: 35062178
Thank you for that. One more "dumb" question about this topic.
can you tell me what debug is , i tried searching for it on the net, it seems as if debuging is to troubleshoot a problem by viewing it's error. But i would really appreciate if you can give me a straight to the point explanation of debug.

Thank you once again.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35062605
A "bug" is how we call a defect in hardware, the OS, application software or in a configuration which commonly would lead to a malfunction some way.

"Debugging" thus means finding and eliminating such an error, making the concerned component work again.

So "debug log / debug message" is a bit wrong, it's the short form for "a message or a logfile entry which could help us in debugging (i.e. finding a hardware/software/configuration error)".

"Bug" itself traces back to very early engineering speech, and there is also a nice story -

(quoting, see below):

In 1946, when Hopper was released from active duty, she joined the Harvard Faculty at the Computation Laboratory where she continued her work on the Mark II and Mark III. Operators traced an error in the Mark II to a moth trapped in a relay, coining the term bug. This bug was carefully removed and taped to the log book. Stemming from the first bug, today we call errors or glitch's [sic] in a program a bug.

Find the above quote and more info in Wikipedia:
http://en.wikipedia.org/wiki/Software_bug

wmp
0
 

Author Closing Comment

by:assistunix
ID: 35063216
Interesting story. Thank you.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question