Back to commands

Linux Survival Basics

Read-only, sensitive output

Run SSH Verbose Auth Test

You need client-side auth negotiation detail for one explicit key.

Command

ssh -vvv -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@example.com

Before you run this

System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.

When not to use it: Do not share verbose SSH output without redacting hostnames, users, key paths, and fingerprints.

Expected output

Verbose SSH debug lines showing identity selection and auth result.

System impact

Read-only, sensitive output. Nothing changes. The command reads current state and prints diagnostic evidence.

Recovery / rollback: no state is changed.

When to use it

Use when server logs are unavailable or the client chooses the wrong identity.

When not to use it

Do not share verbose SSH output without redacting hostnames, users, key paths, and fingerprints.

Common misread

Do not share verbose SSH output without redacting hostnames, users, key paths, and fingerprints.

Example run

Commands shown

These are the commands shown for inspection. Treat them as an example, not proof that your system will behave identically.

  1. ssh -vvv -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@example.com
  2. ssh -vvv -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@example.com

next steps

Related commands

Linux Survival Basics Sensitive output

Test SSH with One Identity File

Force one key when the agent offers too many identities.

ssh -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@example.com
Linux Survival Basics Read-only

Show HTTPS Certificate with curl

curl can show the certificate path a client actually sees.

curl -Iv https://example.com/ 2>&1 | sed -n "/SSL connection/,/expire date/p"
Linux Survival Basics Read-only

Check Domain A Records

A renewal can fail because DNS points elsewhere.

dig +short example.com A
Linux Survival Basics Sensitive output

Show Served Certificate SANs

SANs decide which hostnames the certificate covers.

openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName

next diagnostic step

Where to go from this command

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • LPIC-1 style command-line practice
  • LFCS style performance-task practice
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.