Something I like to do when diagnosing why SSH credentials might not work from UNIX to UNIX is to throw sshd into debug mode.
If you set LogLevel to DEBUG in sshd_config and then attempt a login, it will log exactly why a login attempt failed. Don't forget to put it back to INFO or to restart sshd when you make changes.

Ron Gula, CTO
Tenable Network Security

John Scherff wrote:
> Thomas,
>
> Does your Nessus scanner have a PTR record (reverse-map entry) in the
> DNS? Some implementations of sshd have a bug wherein you can't turn off
> reverse-map checking (setting 'ReverseMappingCheck' to 'no' in the
> sshd_config file has no effect).
>
> Also, are you doing anything with TCP wrappers on the target?
>
> John Scherff
>
> ________________________________
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Nguyen Van
> Sent: Tuesday, December 19, 2006 8:26 AM
> To: '[email protected]'
> Subject: RE: SSH Credentials problem
>
> Good afternoon,
>
> In addition to my previous mail of today, I would like to add this
> information:
>
> We did the following tests:
> Test 1 - Manual SSH connection to IP_Nessus_Target with password: Ok
> Test 2 - Manual SSH connection to IP_Nessus_Target with public/private keys: Ok
> Test 3 - Nessus SSH connection to IP_Nessus_Target with password: Ok
> Test 4 - Nessus SSH connection to IP_Nessus_Target with public/private keys: Failed
>
> The analysis of the /var/adm/messages file on IP_Nessus_Target showed
> that:
> Dec 19 16:05:55 IP_Nessus_Target sshd[13422]: [ID 800047 auth.info] Did not receive ident string from IP_Nessus_Scanner.
>
> Dec 19 16:05:56 IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] Could not reverse map address IP_Nessus_Scanner.
> Dec 19 16:05:56 IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] Connection closed by IP_Nessus_Scanner
> Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 800047 auth.info] Could not reverse map address IP_Nessus_Scanner.
> Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 800047 auth.info] Connection closed by IP_Nessus_Scanner
> Dec 19 16:06:01 IP_Nessus_Target sshd[13425]: [ID 800047 auth.info] Did not receive ident string from IP_Nessus_Scanner.
>
> Do you know why I read the message "Did not receive ident string from
> IP_Nessus_Scanner." on the Nessus_Target?
>
> Many thanks in advance
> Regards,
> Thomas
>
> -----Original Message-----
> From: Thomas Nguyen Van
> Sent: 19 December 2006 13:04
> To: '[email protected]'
> Subject: SSH Credentials problem
>
> Good afternoon,
>
> I checked your Nessus' FAQ before calling you
> (http://mail.nessus.org/pipermail/nessus/2006-September/msg00186.html)
> and I have quite the same problem as JeanPaul.
>
> Actually, I activated the plugin "Local Checks Failed" (21745) and
> scanned a Solaris server. On the /var/log/message file, I can see that
> nessus account was able to connect on the target server:
>
> Dec 19 13:01:09 Server_Target sshd[7724]: [ID 800047 auth.info] Accepted publickey for nessus_account from nessus_server port 56364 ssh2
>
> However, when I checked the .nbe file, I got the error message
> associated to the plugin 21745 and I can't get any information like
> security holes or general information with the plugin 12634.
>
> I would really appreciate a clue to understand what happened.
>
> Thanks a million
>
> Thomas

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
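As an added example (not part of the original thread and not Nessus or OpenSSH code): a small Python triage of the sshd messages quoted above, grouping them by sshd process id to separate connections that never sent an SSH version banner from ones that closed without an `Accepted` line. It assumes one sshd child process per connection; the function name `triage` and the verdict strings are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the thread (host names are the thread's own placeholders).
SAMPLE_LOG = """\
Dec 19 16:05:55 IP_Nessus_Target sshd[13422]: [ID 800047 auth.info] Did not receive ident string from IP_Nessus_Scanner.
Dec 19 16:05:56 IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] Could not reverse map address IP_Nessus_Scanner.
Dec 19 16:05:56 IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] Connection closed by IP_Nessus_Scanner
Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 800047 auth.info] Could not reverse map address IP_Nessus_Scanner.
Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 800047 auth.info] Connection closed by IP_Nessus_Scanner
Dec 19 16:06:01 IP_Nessus_Target sshd[13425]: [ID 800047 auth.info] Did not receive ident string from IP_Nessus_Scanner.
Dec 19 13:01:09 Server_Target sshd[7724]: [ID 800047 auth.info] Accepted publickey for nessus_account from nessus_server port 56364 ssh2
"""

# Assumption: each connection is handled by its own sshd child, so the pid
# in "sshd[pid]" identifies one connection. The Solaris "[ID ...]" tag is optional.
LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?:\[ID \d+ [\w.]+\] )?(?P<msg>.*)")
EVENTS = [  # (event tag, message pattern)
    ("no_ident", re.compile(r"Did not receive ident(?:ification)? string from")),
    ("no_ptr", re.compile(r"Could not reverse map address")),
    ("closed", re.compile(r"Connection closed by")),
    ("accepted", re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+)")),
]

def triage(log_text):
    """Group sshd messages by process id and return one verdict per connection."""
    seen = defaultdict(dict)  # pid -> {event tag: regex match}
    for m in LINE.finditer(log_text):
        for tag, pattern in EVENTS:
            hit = pattern.search(m.group("msg"))
            if hit:
                seen[m.group("pid")][tag] = hit
    verdicts = {}
    for pid, ev in seen.items():
        if "accepted" in ev:
            v = "authenticated via " + ev["accepted"].group("method")
        elif "no_ident" in ev:
            v = "client never sent an SSH version banner"
        elif "closed" in ev:
            v = "client closed the connection, no Accepted line"
        else:
            v = "unclassified"
        if "no_ptr" in ev:
            v += " (no PTR record for client)"
        verdicts[pid] = v
    return verdicts

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_LOG).items():
        print(f"sshd[{pid}]: {verdict}")
```
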
