Agent Troubleshooting
Diagnose and resolve common SSH-KLM agent issues.
Diagnostic Commands
    # Check agent status
    sudo systemctl status ssh-klm-agent

    # View recent logs
    sudo journalctl -u ssh-klm-agent -n 100

    # Follow logs in real-time
    sudo journalctl -u ssh-klm-agent -f

    # Agent self-test
    sudo ssh-klm-agent diagnose

Common Issues
Agent Not Connecting
Symptoms: Agent shows “disconnected” in UI
Diagnosis:
    # Test connectivity
    curl -v https://ssh-klm.example.com/health

    # Check DNS resolution
    nslookup ssh-klm.example.com

    # Test with agent
    sudo ssh-klm-agent test-connection

Solutions:
- Verify server URL in config
- Check firewall allows outbound 443/8443
- Validate registration token
- Check proxy settings if applicable
Registration Failed
Symptoms: registration failed: invalid token
Solutions:
- Generate new registration token
- Check token hasn’t expired
- Verify token host limit not reached
    # Re-register agent
    sudo ssh-klm-agent configure \
      --server https://ssh-klm.example.com \
      --token NEW_TOKEN \
      --force

Discovery Returns No Keys
Symptoms: Scan completes with 0 keys
Diagnosis:
    # Check paths being scanned
    sudo ssh-klm-agent config show | grep -A10 discovery

    # Manual check
    sudo ls -la /home/*/.ssh/

Solutions:
- Verify discovery paths in config
- Check agent has read permissions
- Ensure SSH directories exist
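The three checks above can be run per home directory to see which one explains an empty scan. This is an added example, not part of ssh-klm-agent; the function names and the file-name patterns treated as key material (`authorized_keys`, `authorized_keys2`, `id_*`, `*.pub`) are assumptions and may differ from what the agent matches.

```shell
#!/bin/sh
# Added example (not shipped with ssh-klm-agent).
# check_ssh_dir DIR prints one of:
#   missing | unreadable | no-key-files | keys=N blocked=M
# N = key files the current user can read, M = key files it cannot read.
check_ssh_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing"; return 0
    fi
    # Listing a directory needs both read and search (execute) permission.
    if [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "unreadable"; return 0
    fi
    readable=0
    blocked=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            # Assumed key-file names; adjust to the agent's discovery config.
            authorized_keys|authorized_keys2|id_*|*.pub)
                if [ -r "$f" ]; then
                    readable=$((readable + 1))
                else
                    blocked=$((blocked + 1))
                fi ;;
        esac
    done
    if [ $((readable + blocked)) -eq 0 ]; then
        echo "no-key-files"
    else
        echo "keys=$readable blocked=$blocked"
    fi
}

# explain_discovery ROOT prints one status line per ROOT/<user>/.ssh.
explain_discovery() {
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        printf '%s: %s\n' "$home/.ssh" "$(check_ssh_dir "$home/.ssh")"
    done
}

# Run against a root given on the command line, e.g. /home
if [ "$#" -gt 0 ]; then explain_discovery "$1"; fi
```

Run it as the same user the agent service runs as; root bypasses file permission checks, so `unreadable` and `blocked` only show up for a non-root account.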
    # Test discovery manually
    sudo ssh-klm-agent discovery run --dry-run

High Memory Usage
Symptoms: Agent using excessive memory
Solutions:
- Reduce concurrent scans:
    resources:
      maxConcurrentScans: 1
- Increase scan interval
- Exclude large directories
Agent Crashes
Symptoms: Service restarts frequently
Diagnosis:
    # Check for crash logs
    sudo journalctl -u ssh-klm-agent | grep -i "panic\|fatal\|error"

    # Check system resources
    free -h
    df -h

Solutions:
- Check disk space
- Verify memory available
- Update to latest agent version
Certificate Errors
Symptoms: TLS handshake failures
Solutions:
    # Update CA certificates
    sudo update-ca-certificates

    # Or specify CA in config
    server:
      tls:
        caCert: /path/to/ca.crt

Debug Mode
Enable verbose logging:
    logging:
      level: debug

Or via environment:

    # Set the variable on the sudo command line; with sudo's default
    # env_reset, a variable placed before "sudo" does not reach the agent.
    sudo SSHKLM_LOG_LEVEL=debug ssh-klm-agent run

Collecting Support Bundle

    # Generate diagnostic bundle
    sudo ssh-klm-agent support-bundle --output /tmp/agent-diag.tar.gz

    # Contents:
    # - Configuration (secrets redacted)
    # - Recent logs
    # - System information
    # - Network diagnostics