Yes, that's right. The fingerprint is the problem.
But with the user nobody is not so simple to implement.
root@sv-openvas /tmp # su - nobody -s /bin/bash
No directory, Registration withHOME=/
nobody@sv-openvas:/tmp$ scp -o HashKnownHosts=no test.csv
[email protected]:/root/csv-reports
Could not create directory '/nonexistent/.ssh'.
The authenticity of host '192.168.1.119 (192.168.1.119)' can't be
established.
ECDSA key fingerprint is 21:8d:fc:b5:42:40:aa:b7:e6:40:f5:f3:2c:b3:be:00.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts
(/nonexistent/.ssh/known_hosts).
The user has no home directory.
root@sv-openvas /tmp # cat /etc/passwd | grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
Actually I would like to make no changes to the user.
But there is another variation that works.
Adding the parameter "-o StrictHostKeyChecking=no" solved the problem.
The more elegant method is the following:
I run the script as root and get the fingerprint into the known_hosts
root@sv-openvas ~ # scp -o StrictHostKeyChecking=no test.csv
[email protected]:/root/csv-reports
Warning: Permanently added '192.168.1.119' (ECDSA) to the list of known
hosts.
[email protected]'s password:
Then I copy the content of known_hosts in the field "Known Hosts:" in
the gui.
root@sv-openvas /tmp # cat /root/.ssh/known_hosts
|1|4O1k4wlSOacMxEIpabbreZRASYM=|RPlTCrLdtfReZrDCJbKoYWxUJBQ=
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAVIOC6bL2LuSMkl5JZIf0VyahpFAinllgpQaNjw7S2dy/vkRMs9vP6jPzGrFkq2hFRtzvdB+5HQA/HSGcf4CmE=
Would be somehow easier if there was a documentation. :-)
https://joedsweb.wordpress.com/2017/02/23/openvas-using-the-alert-methode-scp/
But ultimately it works.
Thank you for the support, I will continue to test and report here.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
