This consists of two steps:
1) Modify the sshd configuration file
2) Add the facility to /etc/syslog.conf
To complete the first step, edit the file /etc/ssh/sshd_config and replace the line
# Syslog facility and level
LogLevel info
with the debug level that you desire (debug1, debug2, debug3)
# Syslog facility and level
LogLevel debug3
Re-read the sshd config file
ps -ae|grep sshd
kill -hup <process id>
auth.debug /var/log/authdebug
Note: be careful copying this line (the file needs its indentation, check it with set list in vi editor auth.debug^I^I^I^I^I/var/log/authdebug)
You will need to create the file /var/log/authdebug it it does not exist
/etc/init.d/syslog stop
/etc/init.d/syslog start
On Solaris 5.10, at the command prompt, enter
svcadm disable svc:/system/system-log
svcadm enable svc:/system/system-log
svcadm enable svc:/system/system-log
When you are done, remember to modify the file /etc/syslog.conf to its original state, and disable/enables syslog, so it will stop logging to /var/log/authdebug.
