Logging for SSHD when started from Launchd with `-d` option?

macos ssh launchd

I'm working on OS X 10.8.5, fully patched. I have an updated OpenSSH server installed in /usr/local/sbin listening on port 1522. Connection attempts result in ssh_exchange_identification: Connection closed by remote host. sudo grep 'sshd' /var/log/* 2>/dev/null at the server is returning almost nothing, so I'm trying to gather more information at the server on the cause.

According to man sshd(8), -d is debug mode and it sends verbose debug output to standard error. I added -d to ProgramArguments in the plist, but the plist also sets StandardErrorPath to /dev/null. So I'm guessing the debugging information is being discarded.

I checked launchctl(1) man page, but I don't see what I should do to modify StandardErrorPath so that its logged somewhere. The man page does not even discussed the name/value pair.

How should I change the configuration so the debug logging is logged somewhere, and I know where that "somewhere" is?

$ cat /System/Library/LaunchDaemons/ssh-7.1.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>Label</key>
    <string>com.openssh.sshd-v7.1</string>
    <key>Program</key>
    <string>/usr/local/sbin/sshd</string>
    <key>ProgramArguments</key>
    <array>
        <string>-i -d</string>
    </array>
    <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>1522</string>
            </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
    <key>SHAuthorizationRight</key>
    <string>system.preferences</string>
</dict>
</plist>

  1. To add the -d argument to sshd, it should be added as a new element to the array:

    <string>-d</string>

    The section should look like:

    <key>ProgramArguments</key>
    <array>
        <string>-i</string>
        <string>-d</string>
    </array>

  2. Instead of editing the plist files directly, you can use /usr/libexec/PlistBuddy (-h to show help).

  3. There is a utility script ssh-util.rb that can turn logging on/off. It is part of the OpenSSH-189 package found at: opensource.apple.com.

    Link to ssh-util.rb

    Here are the required commands to run (as produced from the ruby script):

    /usr/bin/ruby ./ssh-util.rb -l on -v --debug --dryrun

    or manually:

    sudo /usr/libexec/PlistBuddy -c "add :ProgramArguments:2 string '-ddd'" /System/Library/LaunchDaemons/ssh.plist
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist
sudo touch /var/run/com.openssh.sshd-asl-enabled

  4. When finished debugging,, you'll need to run either:

    /usr/bin/ruby ./ssh-util.rb -l off -v --debug --dryrun

    or manually:

    sudo /usr/libexec/PlistBuddy -c "Delete :ProgramArguments:2" /System/Library/LaunchDaemons/ssh.plist
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist
sudo rm -f /var/run/com.openssh.sshd-asl-enabled

Notes on OS X Logging

Related

Abort OS X download initiated through App Store?
How to use previous iTunes icon?
Use iPad as output device without iTunes?
Is there a File explorer/Finder like tool for mac os, which can sort folders by name?
Permanently disable Apple's OpenSSH?
Determine if file or directory is encrypted?
System Preferences locked After Username Change
Perform restore without update?
Suddenly Siri started to drain battery on iPhone SE (iOS 12.3.1)
iPad 2017 unable to restore/update
Data recovery from 2012 MacBook Air SSD using 2011 MacBook Air
How to change the boot order of APFS volumes? [duplicate]