
Troubleshooting and Best Practices

Troubleshooting

Can’t Connect After Changes

sudo systemctl status sshd
sudo ufw status # or: firewall-cmd --list-all
sudo sshd -t
sudo journalctl -u sshd -n 50

Permission Denied (publickey)

ls -la ~/.ssh
# .ssh: 700 | authorized_keys: 600 | private keys: 600
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Too Many Authentication Failures

Multiple keys in your SSH agent will trigger this, because the client offers each key in turn until the server's MaxAuthTries limit is reached:

ssh-add -D
ssh-add ~/.ssh/id_prod_server
# Or force a specific key
ssh -o IdentitiesOnly=yes -i ~/.ssh/id_prod_server user@server

2FA Code Not Working

timedatectl status
sudo systemctl restart chrony # or ntpd

Monthly Security Audits

# Review authorized_keys
cat ~/.ssh/authorized_keys
# Check for weak host keys
for key in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -lf "$key"; done
# Anomalies in auth logs
sudo grep -i "POSSIBLE BREAK-IN" /var/log/auth.log
# Users with empty passwords
sudo awk -F: '($2 == "") {print $1}' /etc/shadow
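
The host-key check above only prints fingerprints, so a reviewer still has to judge each line by eye. The following added example (not part of the original page) classifies `ssh-keygen -lf` output by key type and size. The function names, the 3072-bit RSA minimum and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `ssh-keygen -lf` output lines by key type and size.
# Line format: <bits> <fingerprint> <comment ...> (<TYPE>)
# Assumed policy (not from the page): DSA is always flagged, RSA is flagged
# below a minimum size (default 3072), unrecognised types are sent for review.

flag_weak_keys() {
    # stdin: ssh-keygen -lf lines; $1: optional minimum RSA size in bits
    awk -v min_rsa="${1:-3072}" '
        NF < 3 { next }                    # skip blank or malformed lines
        {
            bits = $1 + 0
            type = $NF
            gsub(/[()]/, "", type)         # "(RSA)" -> "RSA"
            fp = $2
            if (type == "DSA") {
                printf "WEAK %s DSA is deprecated\n", fp
            } else if (type == "RSA" && bits < min_rsa) {
                printf "WEAK %s RSA %d bits < %d\n", fp, bits, min_rsa
            } else if (type !~ /^(RSA|ED25519|ECDSA)/) {
                printf "REVIEW %s %s unrecognised key type\n", fp, type
            }
        }'
}

# Constructed sample input (fingerprints are placeholders, not real keys).
sample_keys() {
    cat <<'EOF'
1024 SHA256:PLACEHOLDER-A root@host (DSA)
2048 SHA256:PLACEHOLDER-B old deploy key (RSA)
4096 SHA256:PLACEHOLDER-C root@host (RSA)
256 SHA256:PLACEHOLDER-D root@host (ED25519)
256 SHA256:PLACEHOLDER-E no comment (ECDSA)
EOF
}

# Live use: for key in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -lf "$key"; done | flag_weak_keys
sample_keys | flag_weak_keys
```

An empty result means no key was flagged under the assumed policy; pass a different minimum as the first argument to match your own standard.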

Key Rotation

I rotate SSH keys annually: generate new pair → deploy to all servers → test → remove old public key → update documentation.

Enterprise Documentation

Track: SSH configuration changes, authorized users and their keys, justification for any non-standard settings, incident response procedures, key rotation schedule.
