Two follow-ups to this:
1) Any plans to support SSHv1?
(or can I this be hack this in easily with unsupported botches? :-) )

2) The Nessus_credial_checks.pdf says, under "What else can go wrong with my
host checks?" ...
"On UNIX systems, administrators that move SSH to ports other than 22"

But it appears that (now) Nessus can login whatever the SSH port used, as
long at detects (scans) the port that SSH is running on - correct?


Dom
Dom De Vitto  | Security Consultant
Virgin Media,  Crawley Court, Crawley, Winchester, Hants, SO21 2QA
M: 07855 805 271   D: 01483 87 5500   E: [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Renaud Deraison
Sent: 07 June 2007 12:17
To: Nessus List
Subject: Re: Unknown function



Hi Roch,

On Jun 7, 2007, at 12:14 PM, Roch wrote:

> Hi,
>
> When verifying ssh login credentials to a Redhat ES 4.0 system I am  
> getting:
>
>
> Unknown function 'aes_cbc_encrypt' (ssh_test.nasl, line 576)
> Unknown function 'tripledes_cbc_encrypt' (ssh_test.nasl, line 578)
> Unknown function 'aes_cbc_encrypt' (ssh_test.nasl, line 576)
> Unknown function 'tripledes_cbc_encrypt' (ssh_test.nasl, line 578)
> Unknown function 'aes_cbc_decrypt' (ssh_test.nasl, line 596)
> Unknown function 'tripledes_cbc_decrypt' (ssh_test.nasl, line 598)
> Unknown function 'aes_cbc_decrypt' (ssh_test.nasl, line 596)
> Unknown function 'tripledes_cbc_decrypt' (ssh_test.nasl, line 598)
>
> After running nasl -X -t ip.of.host. ssh_test.nasl
>
> Turns out it is trying to log in using  blowfish-cbc encryption as it
> doesn't recognise the others. Has something changed in ssh_func.inc?

These warnings are harmless and only occur when in command-line mode.  
Currently, Nessus 2.x and 3.0 only support blowfish-cbc encryption.  
In Nessus 3.1.x we've added support for AES and 3DES and we modified  
ssh_func.inc to account for that.

Given how the script is written, it still works well with Nessus 2.x  
and 3.0.x and in Nessus 3.1.x it has the ability to also negotiate  
AES and 3DES.


                                -- Renaud

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

------------------------------------------------------------------------------

Save Paper - Do you really need to print this e-mail?

Visit www.virginmedia.com for more information, and more fun.

This email and any attachments are or may be confidential and legally 
privileged and are sent solely for the attention of the addressee(s). If you 
have received this email in error, please delete it from your system: its use, 
disclosure or copying is unauthorised. Statements and opinions expressed in 
this email may not represent those of Virgin Media. Any representations or 
commitments in this email are subject to contract. Please note that we are 
migrating our email addresses to a company wide address of 
"@virginmedia.co.uk". If you are sending to a Telewest or ntl email address 
your email will be re-directed. 

Registered office: 160 Great Portland Street, London W1W 5QA. Registered in 
England and Wales with number 2591237


==============================================================================

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to