Hello,
We were debugging the SSH login problems (reported on IRC) when there are multiple SSH ports on a single IP. The SSH login doesn't work and the problem is in the connection reuse functionality implemented in ssh_func.inc using shared_socket_acquire() and shared_socket_release(). When there are multiple ports listening, processes are forked and they wait endlessly at shared_socket_acquire() call which has an infinite loop. We removed the connection reuse in ssh_func.inc and directly went with creating as many new sockets required and closing them as the job is done, it seems to work fine, login works for both the ports and the local checks work. But, another issue, all of the local checks report the security issues as security_hole(0), not to the specific port. So, even if there are multiple ports, the report is combined into general category, not reported against the respective port. I propose to get rid of the shared socket implementation in ssh_func.inc (performance is same with/without in our testing) and also update the SSH based local checks to report against the respective SSH port than against 0. Nowhere we are using shared socket approach in the Plugins. Any issues with this approach? Any better suggestion? Thanks, Chandra.
_______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
