Your browser does not allow storing cookies. We recommend enabling them.


Starting Connection Broker in Debug Mode

The Connection Broker is an internal component included in Tectia Client and Tectia ConnectSecure. The Connection Broker handles all cryptographic operations and authentication-related tasks for Tectia Client, ConnectSecure, and the command-line tools sshg3, scpg3, sftpg3.

To start the Connection Broker in debug mode, follow these instructions:

  1. Open a shell (on Unix) or command prompt window (on Windows).

  2. Stop the Connection Broker, if it is currently running. Enter the following command to exit the Connection Broker. This will close all currently open connections of the current user:

    $ ssh-broker-g3 --exit
  3. Start the Connection Broker in debug mode by running the following command:

    $ ssh-broker-g3 -D<filter> -l <logfile>

    In the command:

    • logfile specifies the file to which the debug output will be directed

    • filter is an expression that takes the following syntax: "module=level,module=level,..."

    • module is an optional expression that can be used to restrict the debug output to only a particular module or to allow the use of varying debug levels for different modules.

    • level is an integer from 0 (no debug info) to 99 that specifies the desired amount of debug information.

      Note that levels 1-9 are the recommended ones. The higher the number, the more detailed the troubleshooting output will be, and the more the debugging will affect performance.

    The following example command starts the Connection Broker with global debug level 4 and outputs the debug information to a log file named broker.log:

    $ ssh-broker-g3 -D4 -l broker.log

    The following example command starts the Connection Broker with debug level 5 for modules starting with "SecShAuth" and level 2 for everything else:

    $ ssh-broker-g3 -D"SecShAuth*=5,2" -l broker.log
  4. Connect to a server using one of the clients:

    $ sshg3 user@host
  5. View the debug information for the connection in the broker.log file.

On Unix, you can display the debug output also by using the command line tools with argument -D. For example, the following command will display the debug output with a debug level 5 for modules starting with SecShAuth and level 2 for modules starting with Sft:

$ sftpg3 -D"SecShAuth*=5,Sft*=2" user@host




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now