Verbose logging on an SSH server allows administrators to capture detailed records of server activities. This includes authentication attempts, data transfers, and executed commands. Adjusting the LogLevel is useful for both troubleshooting and monitoring potential security issues.
The default OpenSSH server configuration logs only basic events, primarily related to user authentication. To capture more detailed information, you can modify the sshd_config file to increase the log verbosity. This setting helps identify issues or monitor specific activities more closely.
It's important to balance the need for detailed logs with server performance. High verbosity levels can generate large amounts of data, which might strain server resources. After completing your monitoring or troubleshooting, reduce the LogLevel to prevent excessive log data.
Steps to configure verbose logging for SSH server:
- Open the terminal on your SSH server.
- Open the sshd_config file in the server's configuration directory.
$ sudo vi /etc/ssh/sshd_config
- Find the LogLevel directive in the file, or add it if it's missing.
Uncomment the LogLevel directive if it’s commented.
- Set the LogLevel to the desired verbosity level.
LogLevel DEBUG3
The possible LogLevel options in sshd_config are QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG1, DEBUG2, and DEBUG3.
Be cautious: setting the log level to DEBUG3 might flood your logs with excessive information which can quickly fill up storage space. This level is typically reserved for deep troubleshooting.
- Save the changes and close the file.
- Restart the SSH service to apply the new settings.
$ sudo systemctl restart ssh
- Check the logs to confirm that the new logging level is active.
$ sudo tail -f /var/log/auth.log
Typically, they can be found in /var/log/auth.log or /var/log/secure, depending on the distribution.
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.