# Trying to "debug" my SSH problem: how do I log all incoming connection attempts?



## mrjayviper (Jun 9, 2015)

So I have an iPad and trying to connect to my FreeBSD 10 home server via SSH. I've downloaded several SSH client apps and no matter what I do, they can't seem to see my server. I don't even see the login prompt. Just seems it there's a firewall running and all attempts are ignored.

Some info:

iPad and server and on the same network (192.168.1.x)
I tried connecting to a RedHat enterprise server at work from my iPad and no problems there. I get the username prompt.
I downloaded some network tools on my iPad and I can ping my server.
I can SSH to my server from my Macbooks.
No firewall is running on my server.
So in the end, I'm trying to:

find the log that stores SSHD log. I believe this is /var/log/message. But I cannot see attempts being logged there.
setup my SSHD so it logs all attempts
Can you please help? 

Thanks very much


----------



## ShelLuser (Jun 9, 2015)

SSHD uses Syslog for its logging, so if you check /etc/ssh/sshd_config you'll find 2 options which you can use: SyslogFacility and LogLevel. If you set the latter to DEBUG you're bound to get a whole lot more information. Also see sshd_config(5) for extra information.

Still, if you get timeouts on your iPad then I think raising the logging verbosity on the server won't do you too much good. For example: if a firewall sits in your way then there's no way you'll find out about it in your SSH logfiles. Instead, I'd suggest focussing your attention first on the client. I'm not familiar with iPad's but the regular SSH client has the -vv commandline parameter which can incease verbosity. And that has helped me solve connection issues plenty of times.

Hope this can help.


----------



## SirDice (Jun 9, 2015)

mrjayviper said:


> So I have an iPad and trying to connect to my FreeBSD 10 home server via SSH. I've downloaded several SSH client apps and no matter what I do, they can't seem to see my server. I don't even see the login prompt. Just seems it there's a firewall running and all attempts are ignored.


Run tcpdump(1) and filter on port 22. That'll show you if there's actually a connection coming in. Even if the firewall on the host blocks it you should be able to see it. 



> find the log that stores SSHD log. I believe this is /var/log/message. But I cannot see attempts being logged there.


sshd(8) logs are sent to /var/log/auth.log.


----------

