Two of the most useful utilities I have used: strace and strings.
Trace an application and all other called programs and push output to a file for examination
$ strace -f -o output.trace command
Sometimes programs don't match their documentation. They either have less options than they say they do, or more. Maybe they write their output to a specific directory, coded into the program. Maybe the programmer typo'd the code and it's trying to read a different config file (in a different location) than the documentation says. Maybe your 'sshd' or 'ssh' have been replaced by a hacker and you can scan through the source to figure out where the nefarious program is sending all of the captured data. Many times running 'strings' on an executable will give you a treasure-trove of information. Or, at least, tell you you need to start looking elsewhere for the issue.
$ strings /path/to/executable | less
Two of the most useful utilities I have used: strace and strings.
Trace an application and all other called programs and push output to a file for examination
$ strace -f -o output.trace command
Sometimes programs don't match their documentation. They either have less options than they say they do, or more. Maybe they write their output to a specific directory, coded into the program. Maybe the programmer typo'd the code and it's trying to read a different config file (in a different location) than the documentation says. Maybe your 'sshd' or 'ssh' have been replaced by a hacker and you can scan through the source to figure out where the nefarious program is sending all of the captured data. Many times running 'strings' on an executable will give you a treasure-trove of information. Or, at least, tell you you need to start looking elsewhere for the issue.
$ strings /path/to/executable | less