Errors from the VPN Script

    Jun 6 04:01:41 slave-lan sudo: vpn1 : TTY=ttyp1 ; PWD=/home/vpn1 ; USER=root
    Jun 6 04:01:41 slave-lan pppd[18747]: pppd 2.2.0 started by vpn1, uid 0
    Jun 6 04:01:41 slave-lan pppd[18747]: Using interface ppp0
    Jun 6 04:01:41 slave-lan pppd[18747]: Connect: ppp0 <--> /dev/ttyp1
    Jun 6 04:01:53 slave-lan pppd[18747]: local IP address 192.168.1.2
    Jun 6 04:01:53 slave-lan pppd[18747]: remote IP address 192.168.1.1

As you can see, the SSH daemon output says that authentication is accepted, and sudo successfully launches the PPP daemon as root for vpn1. The PPP daemon is started up on the slave, then it's started up on the master communicating with ttyp1, which is the SSH connection, which also assigns IP addresses.

8.5.2.1 Debugging an SSH connection

A failed SSH connection will give you the following error in the messages log:

    fatal: Connection closed by remote host.

If this log indicates problems with the SSH connection, try connecting to the master from the slave using ssh -l vpn1 -v. That will give you verbose output of what's going on when you attempt to connect. Here are some common errors:

Server refused our key
    This means that the public key of the account on the master attempting to make the connection (e.g., root) doesn't exist in the authorized_keys file of the account on the slave (e.g., vpn1). The solution is to copy the public key from root's identity.pub file into vpn1's authorized_keys file.

Server refused our rhosts authentication or host key
    This means that the server isn't in the .rhosts file or found in a known_hosts file. Add the server to either one, or both.

As we said earlier in Section 8.2, some implementations of shadow passwords may not work with SSH. Although it's compatible with most of the major methods, including those used by Solaris, Ultrix, SCO, Irix, and Linux, there may be some that it doesn't recognize or know how to handle. You may not notice any problems at compile time, and will only see them when you attempt to make a connection using password authentication and are denied login. At this point your two options are to attempt to add the appropriate code yourself (found in the configure.in and auth-passwd.c files), or to send a query to the SSH mailing list or the program's author. See the upcoming Section 8.5.3 for more on this.
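As an added example (not part of the original text), the following Python sketch triages the slave's messages log for one connection attempt: it walks the bring-up stages in the order the log excerpt above shows them and reports either the SSH failure or the first PPP stage that never appeared. The stage names, the function names, and the sshd line in the sample are assumptions made for illustration; the sample logs are constructed.

```python
import re

# Stages of a healthy bring-up, in the order the slave's messages log shows them.
STAGES = [
    ("sudo", re.compile(r"sudo: +vpn1 : .*USER=root")),
    ("pppd-start", re.compile(r"pppd\[\d+\]: pppd \S+ started by vpn1, uid 0")),
    ("interface", re.compile(r"pppd\[\d+\]: Using interface ppp\d+")),
    ("connect", re.compile(r"pppd\[\d+\]: Connect: ppp\d+")),
    ("local-ip", re.compile(r"pppd\[\d+\]: local +IP address \S+")),
    ("remote-ip", re.compile(r"pppd\[\d+\]: remote +IP address \S+")),
]
SSH_FATAL = "fatal: Connection closed by remote host"

def triage(lines):
    """Return (stages reached in order, first missing stage or None, ssh_failed)."""
    idx, ssh_failed = 0, False
    for line in lines:
        if SSH_FATAL in line:
            ssh_failed = True
        elif idx < len(STAGES) and STAGES[idx][1].search(line):
            idx += 1  # only advance when the next expected stage shows up
    missing = STAGES[idx][0] if idx < len(STAGES) else None
    return [name for name, _ in STAGES[:idx]], missing, ssh_failed

def diagnose(lines):
    """Map the triage result onto the checks this section describes."""
    _, missing, ssh_failed = triage(lines)
    if ssh_failed:
        return "ssh failed: rerun ssh with -v and check keys, .rhosts, known_hosts"
    if missing is None:
        return "ok: ppp link is up"
    if missing == "sudo":
        return "ppp never started: check sudo"
    return "ppp stalled before '%s': check pppd" % missing

# Constructed sample logs, modelled on the log excerpt in this section.
GOOD = """\
Jun 6 04:01:41 slave-lan sudo: vpn1 : TTY=ttyp1 ; PWD=/home/vpn1 ; USER=root
Jun 6 04:01:41 slave-lan pppd[18747]: pppd 2.2.0 started by vpn1, uid 0
Jun 6 04:01:41 slave-lan pppd[18747]: Using interface ppp0
Jun 6 04:01:41 slave-lan pppd[18747]: Connect: ppp0 <--> /dev/ttyp1
Jun 6 04:01:53 slave-lan pppd[18747]: local IP address 192.168.1.2
Jun 6 04:01:53 slave-lan pppd[18747]: remote IP address 192.168.1.1
""".splitlines()
SSH_DROP = ["Jun 6 04:05:10 slave-lan sshd[18801]: " + SSH_FATAL]  # constructed
NO_PPPD = GOOD[:1]  # sudo ran, but pppd never logged a start

if __name__ == "__main__":
    print([diagnose(log) for log in (GOOD, SSH_DROP, NO_PPPD, [])])
```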

8.5.2.2 Debugging a PPP connection

If it looks like SSH has started successfully, but PPP never starts, there are two things you need to check: sudo and pppd. The first thing to do is see if sudo executed successfully in the messages file. If you need more information, check for failures in syslog, which will typically look like this: