Ron - Good morning and thanks for the reply. I've setup another 'fresh' account on the box to be scanned with the same user rights as the old one (root, ssh, wheel, adm) and put sshd as the primary group for the account. I then opened up a SSH session on another linux box and was able to connect fine with the login / password information. I even checked the secure logs on the target machine which even showed a solid connection. I then used that login / password credentials for Nessus and got the following errors from the targets secure log:
===================== Oct 29 04:01:34 localhost sshd[7406]: Did not receive identification string from <Scan Machine IP> Oct 29 04:02:00 localhost sshd[7411]: Invalid user n3ssus from <Scan Machine IP> Oct 29 04:02:04 localhost sshd[7712]: Did not receive identification string from <Scan Machine IP> Oct 29 04:02:16 localhost sshd[7714]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0 Oct 29 04:02:16 localhost sshd[7715]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0 Oct 29 04:02:16 localhost sshd[7717]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0 Oct 29 04:02:17 localhost sshd[7721]: Connection closed by UNKNOWN Oct 29 04:02:17 localhost sshd[7713]: Did not receive identification string from UNKNOWN Oct 29 04:02:17 localhost sshd[7726]: Connection closed by <Scan Machine IP> Oct 29 04:02:17 localhost sshd[7724]: Connection closed by UNKNOWN Oct 29 04:02:17 localhost sshd[7730]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0 Oct 29 04:02:17 localhost sshd[7733]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0 Oct 29 04:02:17 localhost sshd[7734]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0 Oct 29 04:02:17 localhost sshd[7727]: Invalid user guest from <Scan Machine IP> Oct 29 04:02:18 localhost sshd[7410]: Connection closed by <Scan Machine IP> Oct 29 04:02:20 localhost sshd[7411]: Excess permission or bad ownership on file /var/log/btmp Oct 29 04:02:20 localhost sshd[7412]: input_userauth_request: invalid user n3ssus Oct 29 04:02:20 localhost sshd[7412]: Connection closed by <Scan Machine IP> Oct 29 04:02:32 localhost sshd[7735]: Did not receive identification string from <Scan Machine IP> Oct 29 04:02:32 localhost sshd[7736]: Did not receive identification string from <Scan Machine IP> Oct 29 04:02:37 localhost sshd[7718]: Connection closed by <Scan Machine IP> Oct 29 04:02:37 localhost sshd[7723]: Connection closed by <Scan Machine IP> Oct 29 04:02:37 localhost sshd[7729]: Connection closed by <Scan Machine IP> Oct 29 04:02:37 localhost sshd[7727]: Excess permission or bad ownership on file /var/log/btmp Oct 29 04:02:37 localhost sshd[7731]: input_userauth_request: invalid user guest Oct 29 04:02:37 localhost sshd[7731]: Connection closed by <Scan Machine IP> =================================================== This scan machine is a RHEL 5.1 Linux box. I was getting the same errors on the windows scan machine also. Thanks.. Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula Sent: Tuesday, October 28, 2008 18:12 To: Nessus Subject: Re: RHEL 5.2 -> Local Checks Failed Brown, Scott CTR -Navair - Siap wrote: > Good afternoon. I'm in a trail process for Nessus and I ran into a > slight problem. I have a RHEL 5.2 machine which I'd like to scan. I > created an account on the machine and gave it adm, root, and ssh > privileges. In the Default Policy -> Credentials -> SSH Settings I > put in the SSH user name and password. After running the scan the > results keep saying Local Checks Failed due to the credentials > provided for the scan did not allow us to log into the remote host. > I've ssh'd from another box using the same L : P and it worked fine. > Am I missing something here? Thanks... Hi there, When you perform you Nessus scan, are there any SSH error logs on the host you are scanning? Can you SSH from the box that your Nessus scanner is deployed on? Have you tried different valid username/passwords? Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
