As turns out, it was a firewall issue on the target box. Although I could SSH to the target from a terminal commandline, after reviewing the firewall rules I can see why OpenVAS could not. In our default iptables config we specify a hit count (which is not be a problem for manual logins), and OpenVAS likely hammered the port causing SSHD on the target to quit responding.
Thanks again, Ted... ########################################################## Thanks for Christians earlier reply and request for more information. In regards to the issue I'm having where OpenVAS does not appear to SSH into a target machine using the credentials created. I followed previous advice and added ssh debugging on the target box, log_whole_attack etc, and gathered more information. A few interesting notes: 1. Upon openvas-start fhe following is added to openvasmd.log: "lib auth: INFO:2016-11-10 15h09.37 utc:2383: Authentication configuration not found" 2. SSH Authentication to the target failed during the scan 3. SSH debugging as well as /var/log/secure on the target does not even show that there was an attempt to log in from the OpenVAS Workstation. Below is some additional information. Any help with this would be appreciated... A P P L I C A T I O N S E R V E R ( T A R G E T ): Centos 6.8 Allows keys and or password authentication SSH Debugging enabled O P E N V A S W O R K S T A T I O N : Kali Rolling OpenVAS 8 O P E N V A S C O N F I G (/etc/openvas/openvassd.conf): kb_location=/var/lib/redis/redis.sock max_checks=15 log_whole_attack=yes T A R G E T D E T A I L S : Name: TEST2 Comment: My test box.. Hosts: 10.10.1.130 Exclude Hosts: Reverse Lookup Only: No Reverse Lookup Unify: No Maximum number of hosts: 1 Port List: OpenVAS Default Alive Test: Scan Config Default Credentials for authenticated checks: SSH: test2_root on port 22 SMB: ESXi: N O T E : test2_root is a credential created using a username/password combination that does work when I use those credentials from a command line S C A N D E T A I L S : Name: TEST2 Comment: Target: TEST2 Alerts: Schedule: (Next due: over) Add to Assets: yes Alterable Task: no Auto Delete Reports: Do not automatically delete reports Scanner: OpenVAS Default (Type: OpenVAS Scanner) Scan Config: Full and fast Slave: Order for target hosts: Sequential Network Source Interface: Maximum concurrently executed NVTs per host: 15 Maximum concurrently scanned hosts: 10 Status: New Reports: 0 (Finished: 0) Results: 0 Notes: 0 Overrides: 0 openvassd.messages: [Thu Nov 10 15:11:04 2016][2390] openvassd 5.0.7 started [Thu Nov 10 15:26:52 2016][2938] Starts a new scan. Target(s) : 10.10.1.130, with max_hosts = 10 and max_checks = 15 [Thu Nov 10 15:26:52 2016][2938] exclude_hosts: Skipped 0 host(s). [Thu Nov 10 15:26:52 2016][2938] Testing test2 (10.10.1.130) [2957] [Thu Nov 10 15:29:49 2016][2957] Finished testing 10.10.1.130. Time : 177.62 secs [Thu Nov 10 15:29:49 2016][2938] Test complete [Thu Nov 10 15:29:49 2016][2938] Total time to scan all hosts : 184 seconds openvasmd.log lib auth: INFO:2016-11-10 15h09.37 utc:2383: Authentication configuration not found. event task:MESSAGE:2016-11-10 15h26.42 UTC:2937: Status of task TEST2 (10bb59f1-7506-427f-82c4-0d2c10d5b42f) has changed to Requested event task:MESSAGE:2016-11-10 15h26.42 UTC:2937: Task TEST2 (10bb59f1-7506-427f-82c4-0d2c10d5b42f) has been requested to start by admin event task:MESSAGE:2016-11-10 15h26.46 UTC:2939: Status of task TEST2 (10bb59f1-7506-427f-82c4-0d2c10d5b42f) has changed to Running event task:MESSAGE:2016-11-10 15h29.54 UTC:2939: Status of task TEST2 (10bb59f1-7506-427f-82c4-0d2c10d5b42f) has changed to Done
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
