Afternoon Ron, Thanks for your tips and I applied it. The next tests are tomorrow night. I'll send you the results.
Thanks lads for your help :o) Thomas Nguyen Van (CEH) | OneIT Technical Security Consultant | OneIT Operations | BT | E: [EMAIL PROTECTED] |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899| www.btireland.com -----Original Message----- From: Ron Gula [mailto:[EMAIL PROTECTED] Sent: 15 January 2007 20:32 To: John Scherff Cc: Thomas Nguyen Van; [email protected] Subject: Re: SSH Credentials problem Something I like to do when diagnosing why SSH credentials might not work from UNIX to UNIX is to throw sshd into debug mode. If you set LogLevel to DEBUG in sshd_config and then attempt a login, it will log exactly why a login attempt failed. Don't forget to put it back to INFO or to restart sshd when you make changes. Ron Gula, CTO Tenable Network Security John Scherff wrote: > Thomas, > > > > Does your Nessus scanner have a PTR record (reverse-map entry) in the > DNS? Some implementations of sshd have a bug wherein you can't turn > off reverse-map checking (setting 'ReverseMappingCheck' to 'no' in the > sshd_config file has no effect). > > > > Also, are you doing anything with TCP wrappers on the target? > > > > John Scherff > > > > > > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Nguyen Van > Sent: Tuesday, December 19, 2006 8:26 AM > To: '[email protected]' > Subject: RE: SSH Credentials problem > > > > > > Good afternoon, > > In addition to my previous mail of today, I would like to add those > information: > > We did the following tests: > Test 1 - Manual SSH connection to IP_Nessus_Target with password: Ok > Test 2 - Manual SSH connection to IP_Nessus_Target with public/private > keys: Ok > Test 3 - Nessus SSH connection to IP_Nessus_Target with password: Ok > Test 4 - Nessus SSH connection to IP_Nessus_Target with public/private > keys: Failed > > The analyse of the /var/adm/messages file on IP_Nessus_Target showed > that: > Dec 19 16:05:55 IP_Nessus_Target sshd[13422]: [ID 800047 auth.info] Did > not receive ident string from IP_Nessus_Scanner. > > Dec 19 16:05:56 IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] > Could not reverse map address IP_Nessus_Scanner. Dec 19 16:05:56 > IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] Connection closed > by IP_Nessus_Scanner Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID > 800047 auth.info] Could not reverse map address IP_Nessus_Scanner. > Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 800047 auth.info] > Connection closed by IP_Nessus_Scanner > Dec 19 16:06:01 IP_Nessus_Target sshd[13425]: [ID 800047 auth.info] Did > not receive ident string from IP_Nessus_Scanner. > > > > Do you know why I read the message "Did not receive ident string from > IP_Nessus_Scanner." on the Nessus_Target? > > Many thanks in advance > Regards, > Thomas > > -----Original Message----- > From: Thomas Nguyen Van > Sent: 19 December 2006 13:04 > To: '[email protected]' > Subject: SSH Credentials problem > > > > Good afternoon, > > I checked your Nessus' FAQ before calling you > (http://mail.nessus.org/pipermail/nessus/2006-September/msg00186.html) > and I have quiet the same problem as JeanPaul. > > Actually, I activated the plugins "Local Checks Failed" (21745) and > scanned a solaris server. On the /var/log/message file, I can see that > nessus account was able to connect on the target server: > > Dec 19 13:01:09 Server_Target sshd[7724]: [ID 800047 > auth.info] Accepted publickey for nessus_account from nessus_server > port 56364 ssh2 > > However, when I checked the .nbe file, I got the error message > associated to the plugin 21745 and I can't get any information like > security holes or general information with the plugin 12634. > > I would really appreciate a clue to understand what happened. > > Thanks a million > > Thomas > > > > BT Communications Ireland Limited > is a wholly owned subsidiary of BT Group plc > Registered in Ireland, Registration No. 141524 > Grand Canal Plaza, Upper Grand Canal Street, Dublin, Ireland > > This electronic message contains information (and may contain files) > from BT Communications Ireland Limited which may be privileged or > confidential. The information is intended to be for the sole use of > the > individual(s) or entity named above. If you are not the intended > recipient be aware that any disclosure, copying, distribution or use of > the contents of this information and or files is prohibited. If you have > received this electronic message in error, please notify us by telephone > or email (to the numbers or address above) immediately. > http://www.btireland.ie > > > > > ---------------------------------------------------------------------- > -- > > _______________________________________________ > Nessus mailing list > [email protected] http://mail.nessus.org/mailman/listinfo/nessus BT Communications Ireland Limited is a wholly owned subsidiary of BT Group plc Registered in Ireland, Registration No. 141524 Grand Canal Plaza, Upper Grand Canal Street, Dublin, Ireland This electronic message contains information (and may contain files) from BT Communications Ireland Limited which may be privileged or confidential. The information is intended to be for the sole use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information and or files is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address above) immediately. http://www.btireland.ie
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
