
[#1384] LSC ssh does not work with ssh keys

Date: 2010-04-15 14:24
Priority: 3
State: Open
Submitted by: Joseph Sokol-Margolis (seph)
Assigned to: Nobody (None)
Architecture: 64 bits
Product: OpenVAS
Operating System: Linux
Component: openvas-scanner
Version: None
Severity: normal
Resolution: None
Hardware: None
URL:
Summary: LSC ssh does not work with ssh keys

Detailed description
I've been trying to get openvas up and running, and openvas-discuss (http://lists.wald.intevation.org/pipermail/openvas-discuss/2010-April/thread.html) has seen many messages to that effect.

Currently, I'm using revision 7289. Built normally, with the singular exception of *not* -O2. I don't have an X environment, so I'm using gsa as my client.

I created credentials with gsa, then created an account on the target machine (127.0.0.2), then created a simple scan of only "Determine OS and list of installed packages via SSH login" oid 1.3.6.1.4.1.25623.1.0.50282

When I disallow password based auth through ssh, it doesn't work. I interpret the logs to indicate no sshkey support. Which I thought would be there, since it's in the docs, and it creates ssh keys. Anyhow, here are logs...

From sshd in debug mode:

debug1: PAM: setting PAM_TTY to "ssh"
Connection closed by 127.0.0.2
debug1: do_cleanup
debug1: PAM: cleanup

The openvassd log:

openvassd: user om : attempted to gain more rights by adding accept 10.41.0.0/16
openvassd: user om starts a new scan. Target(s) : 127.0.0.2, with max_hosts = 20 and max_checks = 4
openvassd: user om : testing 127.0.0.2 (::ffff:127.0.0.2) [18157]
openvassd: shared_socket: Secret/SSH/socket is unknown
openvassd: process_internal_msg for gather-package-list.nasl returned -1
openvassd: Finished testing 127.0.0.2. Time : 2.32 secs
openvassd: user om : test complete
openvassd: Total time to scan all hosts : 2 seconds

If I look at the openvassd.dump, I see:

resolved to name 127.0.0.2
SSH-DEBUG: Host 127.0.0.2: no extended credentials configuration.
[18171](/var/lib/openvas/plugins/remote-pwcrack-options.nasl) script_get_preference_file_location: could not get local file name from preference Passwords file :

If I look at the report, it says:

NVT: SSH Authorization (OID: 1.3.6.1.4.1.25623.1.0.90022)
No port for an ssh connect was found open.
Hence local security checks might not work.

NVT: Determine OS and list of installed packages via SSH login (OID: 1.3.6.1.4.1.25623.1.0.50282)
Error : Remote server does not support one of the following password authentication methods : password, keyboard-interactive. It supports : publickey

I have auto_enable_dependencies set to yes in openvassd.conf, I don't think there's another setting.
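
One way to triage scan reports for the failure described above, as an added example that is not part of the original ticket or of OpenVAS itself: it parses report text in the format quoted in this ticket and flags NVTs whose SSH login could not succeed because the methods the scanner tried and the methods the server offers do not overlap. The function name, field names and the embedded sample (copied from the report lines above) are assumptions made for the example.

```python
import re

# Sample input: the report lines quoted in this ticket, embedded for offline use.
SAMPLE_REPORT = """\
NVT: SSH Authorization (OID: 1.3.6.1.4.1.25623.1.0.90022)
No port for an ssh connect was found open.
Hence local security checks might not work.
NVT: Determine OS and list of installed packages via SSH login (OID: 1.3.6.1.4.1.25623.1.0.50282)
Error : Remote server does not support one of the following password authentication methods : password, keyboard-interactive. It supports : publickey
"""

NVT_RE = re.compile(r"^NVT: (?P<name>.+) \(OID: (?P<oid>[0-9.]+)\)\s*$")
AUTH_RE = re.compile(
    r"does not support one of the following password authentication methods\s*:\s*"
    r"(?P<tried>.+?)\.\s*It supports\s*:\s*(?P<offered>.+?)\s*$")


def split_methods(text):
    """Turn 'password, keyboard-interactive' into a list of method names."""
    return [m.strip() for m in text.split(",") if m.strip()]


def find_lsc_auth_failures(report):
    """Return one finding per NVT whose output shows an SSH auth-method mismatch."""
    findings, current = [], None
    for line in report.splitlines():
        header = NVT_RE.match(line)
        if header:
            current = header.groupdict()  # remember which NVT the next lines belong to
            continue
        auth = AUTH_RE.search(line)
        if auth and current:
            tried = split_methods(auth["tried"])
            offered = split_methods(auth["offered"])
            findings.append({
                "oid": current["oid"], "nvt": current["name"],
                "tried": tried, "offered": offered,
                # Empty overlap: the login could never succeed, so the local
                # checks did not run and the host has no authenticated coverage.
                "usable": sorted(set(tried) & set(offered)),
                "key_only": offered == ["publickey"],
            })
    return findings


if __name__ == "__main__":
    for f in find_lsc_auth_failures(SAMPLE_REPORT):
        print(f"{f['oid']} {f['nvt']}: tried {f['tried']}, server offers {f['offered']}")
```

A finding with an empty `usable` list means the authenticated part of the scan did not run for that host, so a clean result for it says nothing about installed packages.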

Followup

Message
Date: 2010-04-21 15:32
Sender: Joseph Sokol-Margolis

I just tested with OpenVAS_Desktop_VM.i686-0.0.12.iso, and this is present there as well.

Attached Files:

Changes:

No Changes Have Been Made to This Item


This site is hosted by Intevation GmbH