I'm trying to view the logs for my SSH server (CentOS 7) but cannot seem to find them. It's configured to use the systemd socket activation. I normally expect to find them with journalctl -b -u sshd.service but since that service isn't being used, all it gives me is -- No entries --. Getting the logs of the socket aren't any more useful:
$ journalctl -b -u sshd.socket
-- Logs begin at Thu 2019-03-21 08:46:19 EDT, end at Thu 2019-03-21 08:55:24 EDT. --
Mar 21 08:46:38 gbox systemd[1]: Listening on OpenSSH Server Socket.
and that's it. I have systemd logging to the serial console, and there I see messages such as:
Mar 21 08:57:35 gbox systemd: Started OpenSSH per-connection server daemon (69.00.00.228:19212).
so….. why can't I see these in systemd/journald? Where do they live? How can I diagnose per-connection SSH daemon logs?
Edit: I know there's an active connection right now since I'm currently running these commands over SSH.
Best Answer
sshd.socketis set up usingAccept=true. This means it starts instances of a template unit calledsshd@.service.