Troubleshooting SSH¶
File permissions¶
The first thing to check is whether your system has the correct permissions on
the following files (you can check the octal representation of the file
permission with: stat -c %a <filename>):
# client-side
chmod go-w $HOME
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/config # (documentation varies 644, 600, 400)
chmod 600 $HOME/.ssh/id_rsa # (private keys, rsa and other types)
chmod 644 $HOME/.ssh/id_rsa.pub # (public keys, rsa and other types)
chmod 600 $HOME/.ssh/known_hosts # (not documented)
# server side:
chmod 600 <other system's home dir>/.ssh/authorized_keys
Ownership¶
All files and directories under ~/.ssh, as well as ~/.ssh itself, should
be owned by the user with id $(id -u).
chown -R $(id -u):$(id -g) ~/.ssh
ssh from the command line¶
Check if you can access the remote system using OpenSSH instead of Xenon. On Ubuntu-like systems, you can install OpenSSH with:
sudo apt install openssh-client
Increase ssh’s verbosity using the -vvvv option (more v’s means higher
verbosity), e.g.
ssh -vvv user@host
Another useful option is to ask ssh for a list of its configuration options
and their values with the -G option, e.g.
ssh -G anyhost
ssh -G user@some.system.com
Sometimes, a connection cannot be set up because of a configuration problem on the server side. If you have access to the server through another way, running
sshd -T
might help track the problem down. Note that the results may be user-dependent,
for example the result may be different for root or for a user.
Configuration settings¶
client-side, user configuration:
/etc/ssh/ssh_configclient-side, system configuration
$HOME/.ssh/configserver-side, system configuration
/etc/ssh/sshd_config
known_hosts¶
file permission
host name hashed or not
hashKnownHostsremoving a given host’s key goes like this
ssh-keygen -R [localhost]:10022
Xenon with properties¶
See http://xenon-middleware.github.io/xenon/versions/3.0.1/javadoc/
xenon.adaptors.schedulers.ssh.strictHostKeyCheckingxenon.adaptors.schedulers.ssh.loadKnownHostsxenon.adaptors.schedulers.ssh.loadSshConfig