(I guess I was not subscribed to nessus_at_lists.nessus.org. Hope
this continues the thread.)
It successfully logs me in to the other box. But, in case you know
something I do not, I will paste the dump from when I connect up...
[EMAIL PROTECTED] ~]# ssh -v -i /root/nessus_key [EMAIL PROTECTED]
OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.4.2.193 [10.4.2.193] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/nessus_key type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.4.2.193' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /root/nessus_key
debug1: Server accepts key: pkalg ssh-dss blen 432
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
[EMAIL PROTECTED] nessus]$ echo "I am in"
I am in
[EMAIL PROTECTED] nessus]$ logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 10.4.2.193 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 34 bytes in 16.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 2.1
debug1: Exit status 0
[EMAIL PROTECTED] ~]#
Now, the key-file that I am using there is not precisely the key-file
that I think is being used. I have been connecting up to the Nessus
box through the Windows GUI, and I have a copy of that same key-file
on my Windows box. I do not think there is any problem with the DOS
CR/LF issue, and it appears that the two files are identical... But,
they are not one and the same file...
Ok. So what I did was to install NessusClient on my Linux Nessus
server. I used the same public and private keyfile from that text
ssh login I pasted in above. With the NessusClient on the Linux box,
and using /root/nessus_key and /root/nessus_key.pub, it still does
not work.
I am running the NessusClient as root, and Nessusd is running as
root. I have a different nessus user than root, but those do not map
to Linux users, correct?
Here is more information:
[EMAIL PROTECTED] ~]# rpm -q Nessus
Nessus-3.0.2-fc5
[EMAIL PROTECTED] ~]# rpm -q NessusClient
NessusClient-1.0.0.RC5-fc5
[EMAIL PROTECTED] ~]#
My test environment does have some delays due to no reverse DNS.
I do not think that should have any impact either...
- Tim
On Fri, Jun 02, 2006 at 05:27:55PM -0400, Tim Young wrote:
When I try using ssh keys, I get the following in my /var/log/secure file:
Did not receive identification string from ....
...
*Both* of them report back to me with a:
It was not possible to log into the remote host. Nessus report the
following error:
[public key authentication failed | password authentication failed]
Assuming that the private key you're trying to use is
'/home/test/nessus/ssh_key' and that you're using the account 'nessus'
and targeting 192.168.1.44, try running the following from the nessusd
host:
ssh -v -i /home/test/nessus/ssh_key nessus_at_192.168.1.44 id
What do you see?
George
--
theall_at_tenablesecurity.com
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
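
A check for the key-file question raised in the message above, as an added example that is not part of the original thread: it reports whether two copies of a private key are byte-identical, differ only in DOS CR/LF line endings, or differ in content, and whether a PEM key carries a passphrase header. The function names, file names and key text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two copies of an SSH private key file.
# The key text written by demo() is a constructed sample, not a real key.

# has_crlf FILE: succeeds if any line ends in a carriage return (DOS endings).
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1"
}

# is_encrypted FILE: succeeds if a traditional PEM key is passphrase-protected.
is_encrypted() {
    grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# compare_keys A B: prints identical, line-endings-differ, or different.
compare_keys() {
    if cmp -s "$1" "$2"; then
        echo identical
    elif [ "$(tr -d '\r' < "$1" | cksum)" = "$(tr -d '\r' < "$2" | cksum)" ]; then
        echo line-endings-differ
    else
        echo different
    fi
}

# demo: build a Unix copy and a CR/LF copy of a sample key, then compare them.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END DSA PRIVATE KEY-----' > "$dir/unix_key"
    awk '{ printf "%s\r\n", $0 }' "$dir/unix_key" > "$dir/dos_key"
    compare_keys "$dir/unix_key" "$dir/dos_key"
    has_crlf "$dir/dos_key" && echo "dos_key: CR/LF line endings"
    is_encrypted "$dir/unix_key" || echo "unix_key: no passphrase header"
    rm -rf "$dir"
}

demo
```

To use it on real files, call compare_keys with the two paths, for example the copy on the scanner host and the copy transferred from the client machine.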