# Troubleshooting guide

## Error `Host key verification failed.` + `SSH Monitor Error:...`

If you get the following error message in the {{IOC_shell}},
when initializing the {{IOC_program}}:

```{prompt} text
...
Host key verification failed.
SSH Monitor ERROR: the full SSH command including the shell instruction (<...>) returns an error when executed!
...
Host key verification failed.
SSH Monitor ERROR: the full SSH command including the shell instruction (<...>) returns an error when executed!
...
Host key verification failed.
SSH Monitor ERROR: the full SSH command including the shell instruction (<...>) returns an error when executed!
...
Host key verification failed.
SSH Monitor ERROR: the full SSH command including the shell instruction (<...>) returns an error when executed!
...
```

This is probably because the {{target}} is not a "known SSH host" of the {{host}}.

Try to SSH to the {{target}} from the {{host}},
with the same user used by your {{SSH_Monitor}} {{IOC_program}} (e.g. `sshmonitor-user`):

```{code} bash
host-pc $ echo $USER
    sshmonitor-user

host-pc $ ssh sshmonitor-user@192.168.2.3
```

At this point, you will be asked whether you want to continue connecting.
Answer `yes` so that the {{target}} is recorded as a "known SSH host":

```{code} text
The authenticity of host '192.168.2.3 (<no host ip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:4ohcHl4WVPwNL3U4FAsy+TWf7T8i/ziBLIdstgqFhsU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
    > yes
Warning: Permanently added '192.168.2.3' (ECDSA) to the list of known hosts.
```

Now you should only need to restart the {{IOC_program}},
and the error messages should have disappeared.
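
Answering `yes` at the prompt above trusts whatever key the network presented on that first connection. As an added example (not part of the original page or of the SSH Monitor project), the script below records the {{target}}'s host key non-interactively, and only when it matches a fingerprint read out-of-band on the {{target}} itself; the function names are hypothetical, and the usage comment assumes OpenSSH's `ssh-keyscan` and `ssh-keygen`.

```bash
#!/bin/sh
# Added example (not SSH Monitor code): record a host key in known_hosts only
# when its fingerprint matches one obtained out-of-band.
# Function names are hypothetical; only coreutils and awk are required.

# Hex SHA-256 of the key blob in a "host keytype base64-blob" line, i.e. the
# digest that OpenSSH displays (base64-encoded) as "SHA256:...".
key_line_sha256_hex() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d 2>/dev/null \
        | sha256sum | cut -d' ' -f1
}

# Convert "SHA256:<base64 without padding>" to hex so both sides are comparable.
fingerprint_to_hex() {
    # A 32-byte digest is 43 base64 characters plus one '=' that OpenSSH strips.
    printf '%s=' "${1#SHA256:}" | base64 -d 2>/dev/null \
        | od -An -v -tx1 | tr -d ' \n'
}

# pin_if_trusted <key line> <expected fingerprint> <known_hosts file>
# Returns 0 if the key was verified (and appended if new), 1 on mismatch,
# 2 if the expected fingerprint is malformed.
pin_if_trusted() {
    expected=$(fingerprint_to_hex "$2")
    [ "${#expected}" -eq 64 ] || { echo "malformed fingerprint: $2" >&2; return 2; }
    actual=$(key_line_sha256_hex "$1")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, host key NOT added: ${1%% *}" >&2
        return 1
    fi
    # Append only if the exact line is not already present.
    grep -qxF -e "$1" "$3" 2>/dev/null || printf '%s\n' "$1" >> "$3"
}

# Typical use, run on the host as the user of the IOC program (address taken
# from this page; read the fingerprint on the target's console, e.g. with
# `ssh-keygen -lf` on its host public key file):
#   ssh-keyscan -t ecdsa 192.168.2.3 2>/dev/null | while read -r line; do
#       pin_if_trusted "$line" "SHA256:<fingerprint read on the target>" \
#           "$HOME/.ssh/known_hosts"
#   done
```

A mismatch leaves `known_hosts` untouched, so the IOC keeps failing with `Host key verification failed.` until the discrepancy is explained.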

If the error still occurs, another possible explanation is that the `SSH_OPTS_AND_ARGS` {{macro}}\
-- specified in the {{cmd}} file -- contains an error, e.g. a syntax error.

## Error `Connection closed by UNKNOWN port 65535`

If you get the following error message in the {{IOC_shell}}:

```{code} text
...
Jan 1 00:00:00 ioc-name procServ[123456]: Connection closed by UNKNOWN port 65535
Jan 1 00:00:00 ioc-name procServ[123456]: Connection closed by UNKNOWN port 65535
Jan 1 00:00:00 ioc-name procServ[123456]: Connection closed by UNKNOWN port 65535
Jan 1 00:00:00 ioc-name procServ[123456]: Connection closed by UNKNOWN port 65535
Jan 1 00:00:00 ioc-name procServ[123456]: Connection closed by UNKNOWN port 65535
...
```

This is probably because you are using an intermediate machine as a "jump" machine in order to
reach a {{target}}, but the
{{host}} cannot connect through the intermediate machine anymore.

Make sure that the intermediate machine is not down, that its firewall configuration is OK, that
the network between the {{host}} and the intermediate machine is
not down and allows the connection, etc.

## Message `muxclient: master hello exchange failed`

When running your {{IOC_program}},
if you encounter the following message: 

```{code} text
muxclient: master hello exchange failed
```

then you can ignore it.

This is a fairly rare message that might occur when the user running the {{IOC_program}}\
is forwarding an ssh-agent with more than one {{SSH}} key (probably only in some virtualized environments).

See the first note of section 5.1 of the following link:
<web-archive:20241007123652/https://docs.releng.linuxfoundation.org/_/downloads/common-packer/en/latest/pdf/>

To get rid of this message, make sure that the user running the {{IOC_program}}
is not logged in through an {{SSH}} connection that forwards an ssh-agent.

## Message `ControlSocket $HOME/.ssh/<...> already exists, disabling multiplexing`

When running your {{IOC_program}},
if you encounter the following message: 

```{code} text
ControlSocket $HOME/.ssh/<...> already exists, disabling multiplexing
```

then you can change the `SSH_OPTS_AND_ARGS` {{macro}} in your {{cmd}} file
so that the `ControlPersist` option is set to a duration
longer than the `SCAN_MACRO` {{macro}} (if specified in the {{cmd}})
or the default `SCAN` {{macro}} (specified in the {{substitutions}}).

