Verbose logging on an SSH server helps administrators track and understand every transaction occurring between the client and the server. This includes authentication attempts, data transfers, and commands executed. Not only does verbose logging aid in troubleshooting, but it also provides insights for potential security threats.
By default, OpenSSH servers log activities at a standard level, capturing basic events like user authentication. However, for debugging or heightened security monitoring, administrators might want to increase the logging level. In such cases, the verbose mode provides detailed logs which include every transaction and any failed authentication attempts.
Adjusting the log verbosity for an SSH server involves editing the sshd_config file on your server. The different levels of verbosity range from QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG1, DEBUG2, to DEBUG3, with DEBUG3 being the most verbose.
$ sudo nano /etc/ssh/sshd_config
LogLevel DEBUG3
Be cautious: setting the log level to DEBUG3 might flood your logs with excessive information which can quickly fill up storage space. This level is typically reserved for deep troubleshooting.
$ sudo systemctl restart sshd
$ sudo tail -f /var/log/auth.log
By following the above steps, the SSH server will now capture logs in verbose mode. Remember to periodically review the logs and switch back to a normal logging level once your debugging or monitoring needs have been met. This will help conserve server resources and storage.
Comment anonymously. Login not required.