Is it Reachable?
dig <hostname> # for detailed debugging
nslookup <hostname> # for quick info check
- Check if DNS resolution is working
- If not, we can proceed if we know the IP Address of the host
nc -vz <hostname> <port>
# example
# nc -vz notes.yxy.ninja 443
# Connection to notes.yxy.ninja port 443 [tcp/https] succeeded!
- Check if port is open
ping <hostname>
# example
# ping notes.yxy.ninja
# PING notes.yxy.ninja (104.21.96.1): 56 data bytes
traceroute <hostname> # to see which part of the path is broken
- Check if the destination is reachable and the path is stable
Is Service Up?
nmap -sV -p <port> <hostname>
# example
# nmap -sV -p 443 notes.yxy.ninja
# PORT STATE SERVICE VERSION
# 443/tcp open ssl/http Cloudflare http proxy
- Check if the service is available at the expected port
Is It Blocked?
- We may have firewall rules that block certain types of traffic or certain ports
- It is important to check firewall rules on both client and server side
Is Authentication Okay?
- You can use the -v flag in a lot of commands to inspect for authentication issues
SSH keys and permissions
Ensure we have rwx access to the .ssh folder with chmod 700 ~/.ssh/ and rw access to the items inside the .ssh folder with chmod 600 ~/.ssh/*.
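A way to check these modes before changing anything, as an added example that is not part of the original notes: it reports the directory and any regular file inside it that is accessible to group or other. The function names audit_ssh_dir and mode_of are hypothetical, and the check tests the group/other bits rather than exact equality, so a stricter mode such as 400 also passes.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes given above
# (700 for the directory, 600 for the items inside it).

# Print the octal permission bits of a path (GNU stat first, then BSD/macOS).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR
# Prints one line per finding. Returns 0 if clean, 1 if anything is
# accessible to group/other, 2 if DIR does not exist.
audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # The directory itself must grant nothing to group/other (chmod 700).
    m=$(mode_of "$dir")
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "DIR  $m $dir (fix: chmod 700)"
        findings=$((findings + 1))
    fi

    # Regular files inside, dotfiles included, must grant nothing to
    # group/other (chmod 600). Symlinks are skipped: their own mode bits
    # do not describe the target.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -L "$f" ] && continue
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "FILE $m $f (fix: chmod 600)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```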
Are Configs Correct?
- The configs on both the client and server may define how they should communicate with each other
SSH config
There are 3 popular config directives that define how the server can be accessed and by whom. They are found on the server side in /etc/ssh/sshd_config:
PasswordAuthentication yes/no
PubkeyAuthentication yes
PermitRootLogin no
The client-side config file can be found at ~/.ssh/config.
Check The Logs
- We should push all logs to a central place where we can have visibility into the server
- If we didn’t push logs to a central place, we can check the logs using systemctl status <service> or journalctl -u <service>