Troubleshooting
Troubleshooting Secure Shell Connections
If you are having trouble making a Secure Shell connection the trouble may come because Reflection cannot locate your host, or because of a problem with either host authentication or user authentication.
Using log files
If your connection problem is with host authentication, you may find useful information in the Reflection client log file.
If your problem is with user authentication, you may need to contact the administrator of the Secure Shell server. User authentication problems are common, and complete information about failed user authentication is available only in the server debug log-not in the client log. By design, the Secure Shell protocol does not provide specific information to clients about failed authentication attempts. This is done so that an attacker cannot use error messages to determine why an authentication failed and thus narrow in on a successful attack.
Troubleshooting suggestions
Password authentication
-
Incorrect password. Check that Caps lock is not enabled.
-
Expired password. You may need to use Keyboard Interactive authentication instead of Password authentication to enable password updates.
-
If no password prompt is displayed, password authentication may be disabled.
Public Key authentication
-
User's public key has not been uploaded to the correct location on the host.
-
User's public key has been uploaded to the correct location but has incorrect ownership or file permissions.
-
Key is passphrase protected and you have entered an incorrect passphrase.
-
The wrong key is selected for authentication on the User Keys tab of the Secure Shell Settings dialog box.
-
Too many public keys are selected, especially if you are attempting connections to servers running older versions of OpenSSH.
Certificate authentication
-
The certificate used to authenticate the host is not available. Check the Reflection trusted root store and the Microsoft trusted root and intermediate stores. (If use of the Microsoft store has been disabled, certificates must be in the Reflection store.)
-
The certificate used to authenticate the user is not available. Check the Reflection personal store and the Microsoft personal store.
-
The certificate used to authenticate either the host or user has expired.
-
Certificate host name must match host being contacted is enabled and the host name you have specified for this connection doesn't exactly match host name in certificate.
-
Certificate revocation checking is enabled and the Certificate Revocation List is not available.
-
Certificate revocation checking is enabled and the host certificate has been revoked.
Key exchange
- The following error occurs during key exchange: "fatal: dh_gen_key: group too small: 1024 (2*need 1024)". Modify the key exchange algorithms to put diffie-hellman-group14-sha1 ahead of the other algorithms.
More information
Use the Secure Shell Log File
The log file contains information you can use to troubleshoot Secure Shell connections.
note
You can use the Logging Level setting to determine the amount of information written to the Secure Shell log. This setting is available from the Reflection Secure Shell Settings dialog box -- General tab.
To use the log file from the Reflection for Secure IT client
-
Turn on tracing (Connection > Trace > Start Trace).
-
Make your connection.
-
Turn off tracing (Connection > Trace > Stop Trace).
-
Process the trace (Connection > Trace > Process Trace).
-
Select Network protocol details, and then click OK.
-
Select the trace file (
*.rev
) in the Logs folder, and then click Open. -
Select a filename and format for your log output, and then click OK.
To use the log file from the FTP Client
- Do one of the following:
To | Choose |
---|---|
Send log information to a file | Tools > Start Logging, and then change Files of Type to "Diagnostic File (*.txt)". |
View the log information in the FTP command window | View > Command Window. |