Troubleshooting Command Reference
Normally, the SSH client is invoked without the final argument shown in Troubleshooting Introduction, which performs a sign in to the target host into an interactive shell session. When invoked with the optional command argument, this causes the SSH client to only invoke that command in a non-interactive fashion. This is an important component of the troubleshooting process, as the use of the command argument will replicate the behavior of the SSH Collection Module. It also provides a test for the behavior described above; an interactive session will allocate a TTY terminal device, while the non-interactive execution of a single command will not. Testing the sudo configuration often requires you to invoke a TTY device.
When performing troubleshooting to determine the cause of an authentication failure experienced by the SSH Collection Module, the '-v' flag can be given to the SSH client to cause it to emit extra verbose debugging output. This flag can be given multiple times to cause the SSH client to emit more information. It is highly recommended to use this flag when performing troubleshooting.
Depending on the type of authentication being utilized, the authentication-flags field may need to be used to cause the client to specifically use the type of authentication desired, as well as the specific authentication credentials to be used.
|
Type of Authentication |
authentication-flags Field |
|
Password or keyboard-interactive authentication |
If using password or keyboard-interactive authentication, this can be specified as, for example: -o PreferredAuthentications="password" |
|
Public key authentication |
If using public key authentication, this would be: -o PreferredAuthentications="publickey" |
|
Public key authentication to specify which key the client uses for authentication attempts |
If using public key authentication to specify which key the client uses for authentication attempts, the following could be used, for example: -i /home/risc/key |
|
Simple connection test using password authentication to the target host to validate the connection |
To perform a simple connection test using password authentication to the target host to validate the connection, authentication, and ability to issue a simple command: ssh -v -o PreferredAuthentications="password" risc@10.0.0.2 "true" |
|
Simple connection test using public key authentication to the target host to validate the connection |
To test the same with publickey authentication: ssh -v -o PreferredAuthentications="publickey" -i /home/risc/key risc@10.0.0.2 "true" |
|
Testing the availability and configuration of sudo |
Testing the availability and configuration of sudo is of primary importance, as this is often the main reason for a failure to bring a host into inventory: ssh -v risc@10.0.0.2 'sudo ifconfig -a' |