Your browser does not allow storing cookies. We recommend enabling them.

SSH

Setting Connection Broker to Debug Mode

The Connection Broker is a component included in Tectia ConnectSecure. The Connection Broker handles all cryptographic operations and authentication-related tasks for Tectia ConnectSecure and the command-line tools sshg3, scpg3, and sftpg3.

If the verbose level output explained in Gathering Basic Troubleshooting Information does not solve your problem, set the existing running Broker to debug mode. Existing open connections will remain up and running, which is relevant on multiuser systems or when there are lots of automated scripts running at the same time. You will also get a debug log from new connection attempts.

To set the Connection Broker to debug mode, follow these instructions:

  1. Open a shell (on Unix) or command prompt window (on Windows).

  2. If you already have an existing Connection Broker, skip this step. If you do not have an existing Connection Broker, run the following command:

    $ ssh-broker-g3
  3. Set the Connection Broker to debug mode by running the following command:

    $ ssh-broker-ctl debug --log-file=<logfile> <debug-level>

    In the command:

    • logfile specifies the file to which the debug output will be directed

    • debug-level is an integer from 0 (no debug info) to 99 that specifies the desired amount of debug information.

      [Note]Note

      The recommended debug levels are 1-9. The higher the number, the more detailed the troubleshooting output will be, and the more the debugging will affect performance.

    On Windows, you can set the debug mode also in the Logs view in the Tectia Connection Status window. To open the Tectia Connection Status window, right-click the Tectia icon in the Windows taskbar notification area and select Status.

    Setting the Connection Broker's debug mode on Windows

    Figure 7.2. Setting the Connection Broker's debug mode on Windows


    The following example command sets the Connection Broker debug mode to level 4 and outputs the debug information to a log file named broker.log:

    $ ssh-broker-ctl debug --log-file=broker.log 4
  4. Connect to a server using one of the clients:

    $ sshg3 user@host
  5. View the debug information for the connection in the broker.log file.

On Unix, you can display the debug output also by using the command line tools with argument -D. For example, the following command will display the debug output with a debug level 2:

$ sftpg3 -D2 user@host

On Windows, besides the command line tools, you can display the debug output also in the Tectia Connection Status window.

[Note]Note

After you have collected the debug output, remember to disable Tectia ConnectSecure's debug mode, since debugging slows down the performance.

On Unix and Windows, the debug mode is disabled with the following command:

$ ssh-broker-ctl debug --clear

On Windows, the debug mode can be also disabled by setting the debug level back to 0 in the Tectia Connection Status window, as shown in Figure 7.3

Disabling the Connection Broker's debug mode on Windows

Figure 7.3. Disabling the Connection Broker's debug mode on Windows



 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now