Hi Shawn you go far beyond a nvt-database now, isnt it? Or are you reporting an issue with the client (if so, which version?) If its about your own tool, the openvas-devel mailinglist is the more appropriate one.
On Thursday 19 March 2009 15:55:19 Shawn Duffy wrote: > So, I'm setting a username and password in the client prefs as follows: > > SSH Authorization[entry]:SSH login name: <|> USERNAME > SSH Authorization[password]:SSH password (unsafe!): <|> PASSWORD > > I'm also enabling local checks for the operating system of the target. > But, the local checks aren't being triggered. Here are some of the > errors from openvasd.messages and openvasd.dump: * Local Security Checks can be a hairy issue. * If you havent done it yet, enable all debugging stuff in opevasd.conf. * Set "number of [host|checks..] ... concurrently" to 1. * For local checks the server needs to be able to login to the target(s) via ssh. In principle two authorization mechanisms are supported: password and key-based. BUT the responsible nasl-script (ssh_func.inc) does not try both methods but prefers one (will be fixed sooner or later). To complicate matters, for a short time (until OpenVAS is the perfect tool), specification of credentials for LSCs has underwent some improvements, that led to changes in how the ssh_authorization script and the server register the interesting values (user/pwd/public keys) for further use by ssh_fuc.inc . To enjoy the improvements you need to run recent (latest) versions of both client and server and have a fresh ssh_authorization.nasl. Time to answer another of your questions: On Thursday 19 March 2009 15:55:19 Shawn Duffy wrote: > Tired of hearing from me yet? :-) No of course not! In short: 1) You want user/password- based logins? Look at ssh_authorization.nasl and send the respective "deprecated" preferences (should be commented enough, "Use per-target login information" = "no"). 2) You want key-based logins? A bit tougher, you have to send a couple of files, as described in CR #20 (http://openvas.org/openvas-cr-20.html) and set the preference as commented in ssh_authorization.nasl. Drop me a line or ask in IRC if you need details. > openvasd.dump:SSH-DEBUG: Not setting login information for local checks > at a3s-mtc1.itsec.aol.com : No mapping found. The SSH-DEBUG messages come from the attempts using the new feature (per-target setting of credentials). Ignore them if you use the deprecated method. The ssh_authorization.nasl will set then these info. Btw join the IRC channel (http://openvas.org/online-chat.html) and tell us about the progess! enjoy felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
