How to check sshd log?

Solution 1:

Creating an answer based on the comments above, credit to @Prof. Moriarty and @Eye of Hell

SSH auth failures are logged here: /var/log/auth.log

The following should give you only ssh related log lines

grep 'sshd' /var/log/auth.log

To be on the safe side, get the last few hundred lines and then search (because if the log file is too large, grep on the whole file would consume more system resources, not to mention it will take longer to run).

View sshd entries in the last 500 lines of the log:

tail -n 500 /var/log/auth.log | grep 'sshd'

or to follow the log output as you test:

tail -f -n 500 /var/log/auth.log | grep 'sshd'
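
Added example (not part of the original answer): a shell function that goes one step past the tail-and-grep above and counts failed password attempts per source IP and user. The function names sshd_failures and sample_auth_log are hypothetical and the sample log lines are constructed; it assumes the usual OpenSSH "Failed password for ... from IP port N ssh2" line format.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source IP and user.

# sshd_failures LOGFILE [LINES]
# Reads the last LINES lines (default 500) of LOGFILE and prints
# "count ip user" for each failed password attempt, most frequent first.
sshd_failures() {
    tail -n "${2:-500}" "$1" | awk '
        # Match the syslog tag "sshd[pid]:" so lines from other programs that
        # merely mention sshd are skipped. The line must end "from IP port N ssh2".
        match($0, / sshd\[[0-9]+\]: Failed password for /) &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            # The user name is text supplied by the remote side: take it as
            # whatever lies between the fixed prefix and the fixed suffix.
            user = substr($0, RSTART + RLENGTH)
            sub(/^invalid user /, "", user)
            sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", user)
            n[ip " " user]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log lines (documentation IP ranges, made-up host and users).
sample_auth_log() {
    cat <<'EOF'
Mar 10 12:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 52314 ssh2
Mar 10 12:00:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 52314 ssh2
Mar 10 12:00:07 host sshd[1204]: Failed password for invalid user admin from 203.0.113.5 port 52320 ssh2
Mar 10 12:01:10 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar 10 12:01:15 host sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart sshd
Mar 10 12:02:00 host sshd[1215]: Failed password for invalid user x from 192.0.2.1 port 1 from 198.51.100.9 port 41000 ssh2
EOF
}

# Demo: run the summary over the constructed sample.
tmp=$(mktemp)
sample_auth_log > "$tmp"
sshd_failures "$tmp"
rm -f "$tmp"
```

On a real system, call it as sshd_failures /var/log/auth.log 500. The last sample line shows why the source IP is read from the end of the line: the user name field can itself contain "from ... port ..." text.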

Solution 2:

If you can try the failing connection again easily, one easy way is to start an SSH server on a free port such as 2222:

/usr/sbin/sshd -d -p 2222

and then retry the connection with:

ssh -p 2222 user@host

By using the different port -p 2222, we don't have to stop the main SSH server, which could lock us out.

See also: https://unix.stackexchange.com/a/55481/32558


Solution 3:

If no one else is using the system at the moment, you could do what I've done in such cases:

  • stop the sshd service (at least I've been able to do this while logged in via ssh)
  • start sshd manually and add some -d options to get more verbose debug output. Unless you have something funky going on, it should use the same keys and config it does when started properly.

Solution 4:

If you want to see all log messages about sshd, run this:

grep -rsh sshd /var/log |sort

Solution 5:

You can tail -f /var/log/auth.log
