How do I get the debug logs you get when using the "-vvv" switch with the ssh command "ssh -vvv username@remotehost" redirected to a text file rather than the user's screen?
It's very distracting for the user to get all that extra output popping up on their screen whenever using ssh.
I'd like this to be totally transparent to the user, and not asking them to do anything different than what they usually do.
I've tried adding the DEBUG line to ssh_config, but it clutters up their screen with log messages - it doesn't pipe anything to a file.
Or even save directly to the log file without a redirect.
Code:
ssh -E ~/ssh.log -vvv you@remote
Dig around in the manual page, since there will be other options worth knowing about. You won't remember all of them but you might remember that they're there and benefit from being able to look them up.
LogLevel
Gives the verbosity level that is used when logging messages from ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output.
Don't know if that will suppress the output to the screen, tho.
So, as suggested, dig around in the man pages more.
As I stated I don't want the users to have to do anything on their end - they shouldn't have to add any switches to their command line for this to happen.
I'm assuming this can be configured to happen in a .conf file somewhere.
The LOGLEVEL option in ssh_config sends all messages to the user's screen - I don't want it sent to their screen - I want it sent to a log file, without the user having to add any switches to their command line.
Study man ssh_config then. If it can be done from the command line, it can probably be done from the config file. Look for something similar to the -E option in man ssh.
As I stated I don't want the users to have to do anything on their end - they shouldn't have to add any switches to their command line for this to happen.
Confused by this; you say you don't want them to have any switches added to their command line...yet say they're starting things with "-vvv"??? You also say it's distracting for the user, but what actual PROBLEM does it cause, and why enable the -vvv to start with, if you don't want/need that diagnostic info? Typically that flag is done to diagnose connectivity problems, not for daily use.
Quote:
I'm assuming this can be configured to happen in a .conf file somewhere.
Not that I can see. However, since you're ALREADY specifying the "-vvv" on the command line, specify something else:
..which will redirect the diagnostic messages to that file. Simple enough to write a bash script 'wrapper' to take a user name and IP address, and run the command line like that for all users.
Most of the options which you can add at run time can be included in a configuration file for the client. However, -E is not one of them, it appears. See "man ssh_config". You could grab the output using LogLevel and SyslogFacility via the system logs, as mentioned above.
There are user-level client configuration files, defaulting to ~/.ssh/config, and system-wide client configuration files, defaulting to /etc/ssh/ssh_config and /etc/ssh/ssh_config.d/* and the former override the latter if they exist.
Also the contents of the file should go from specific to general since the configuration options are applied on a first-use basis.
That worked for me, except I don't know where the log file ended up.
I put that in the user's ~/.ssh/ssh_config (not ~/.ssh/config on my CentOS 7 box). Hmm. The man page does say .ssh/config, but .ssh/ssh_config seems to work.
Edit: Hmm. I don't find a SysLogFacility option in the ssh_config man page here...I'm not finding anything to specify a log file for the ssh client - except the -E command line option.
That would be as defined in your /etc/rsyslog.conf
local7.* /var/log/boot.log
Aha. Learn something every day! Thanks! No local0 there, but I suppose one could be added to log ssh stuff...or some other rule.
I'll leave that to the OP to figure out.
Another idea that comes to mind is to alias ssh to include the -E option...oh...already suggested by pan64.
All in all an interesting problem...and I think the solution is here. pete.g, please let us know which idea worked out for you.
That was along the lines of what I was looking for, but it's not quite working yet:
When I try to ssh anywhere after adding this snippet to /etc/ssh/ssh_config, I get an error "Bad configuration option: syslogfacility"
If I add it to .ssh/config, I get an error "bad owner or permissions on /home/user/.ssh/config" even if I make the permissions 777
I added a line to /etc/rsyslog.conf "local0.* /var/log/ssh.log".
For testing purposes I made that log with 777 permissions too.
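Added example (not part of any post in this thread): a sketch of the wrapper idea suggested above, using the -E option shown earlier, together with a check that mirrors the rule behind ssh's "bad owner or permissions" error on a per-user config file (owner must be root or the user, and no group/other write bit). The names ssh_logged, ssh_config_perms_ok, SSH_DEBUG_LOG and SSH_BIN are hypothetical, and the default log path is the one from the earlier command.

```shell
#!/bin/sh
# Added example; ssh_logged, ssh_config_perms_ok, SSH_DEBUG_LOG and SSH_BIN
# are hypothetical names, not part of OpenSSH.

# Same rule ssh applies to a per-user config file: the owner must be root or
# the invoking user, and neither group nor others may have write permission.
# Returns 0 if acceptable, 1 if ssh would refuse it, 2 if the file is missing.
ssh_config_perms_ok() {
    [ -f "$1" ] || return 2
    ls -ldn -- "$1" | awk -v me="$(id -u)" '
        { gw = substr($1, 6, 1); ow = substr($1, 9, 1) }
        ($3 != 0 && $3 != me) || gw == "w" || ow == "w" { bad = 1 }
        END { exit bad + 0 }'
}

# Run ssh with -vvv, appending the debug output to a log file via -E so that
# nothing extra reaches the terminal. All arguments are passed through.
ssh_logged() {
    log_file=${SSH_DEBUG_LOG:-$HOME/ssh.log}
    # umask 077: a newly created log is readable by its owner only, since
    # -vvv output names hosts, users and key files.
    ( umask 077; "${SSH_BIN:-ssh}" -E "$log_file" -vvv "$@" )
}
```

Sourcing this from a login profile and aliasing ssh to ssh_logged, as proposed in the thread, leaves the users' command line unchanged; a config file at mode 777 fails the check, while 600 or 644 passes.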