subject:"\[Openvas\-discuss\] SSH Authorization Check fails on OpenSSH 7.x"

Re: [Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

2016-06-23 Thread Test Test

Thanks, it worked. libssh update was enough to make it work.

2016-06-18 11:57 GMT+03:00 Chris :

> >Should I rebuild libssh only or OpenVAS too? Any suggestions about
> >libssh
> >version? Last one?
>
> As i don't have any other applications depending on libssh i have
> installed 0.7.3 to /usr/local and build OpenVAS against it.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

2016-06-18 Thread Chris

>Should I rebuild libssh only or OpenVAS too? Any suggestions about
>libssh
>version? Last one?

As i don't have any other applications depending on libssh i have installed 
0.7.3 to /usr/local and build OpenVAS against it.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

2016-06-17 Thread Chris

Hi,

> # yum list installed | grep libssh
> libssh.x86_64

depending on the used key algorithms you might need to use / rebuild against a 
newer libssh:

https://lists.wald.intevation.org/pipermail/openvas-discuss/2016-May/009582.html
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

2016-06-17 Thread Test Test

Greetings. I'm trying to set up OpenVAS to perform SSH login dependent
checks during remote host scans. To test how it works I've created a short
scan config that include

SSH Authorization Check (1.3.6.1.4.1.25623.1.0.90022)
SSH Login Failed For Authenticated Checks (1.3.6.1.4.1.25623.1.0.10593

and a couple of other SSH related vulnerability checks. It works fine when
I scan hosts that have OpenSSH prior to 7.x installed but I get "It was not
possible to login using the provided SSH credentials" with OpenSSH 7.x
hosts. I'm getting no luck with both FreeBSD 10 (OpenSSH 7.2 in base
distribution) and CentOS 6 (OpenSSH 7.2 compiled from sources) hosts.

Here is how sshd logs look during OpenVAS login attempt failure on
CentOS/OpenSSH 7.2 box:

Jun  8 12:42:54 centoshost sshd[22987]: debug1: Forked child 23742.
Jun  8 12:42:54 centoshost sshd[23742]: debug1: Set
/proc/self/oom_score_adj to 0
Jun  8 12:42:54 centoshost sshd[23742]: debug1: rexec start in 4 out 4
newsock 4 pipe 6 sock 7
Jun  8 12:42:54 centoshost sshd[23742]: debug1: inetd sockets after
dupping: 3, 3
Jun  8 12:42:54 centoshost sshd[23742]: Connection from 
port  on  port 
Jun  8 12:42:54 centoshost sshd[23742]: debug1: Client protocol version
2.0; client software version libssh-0.5.5
Jun  8 12:42:54 centoshost sshd[23742]: debug1: no match: libssh-0.5.5
Jun  8 12:42:54 centoshost sshd[23742]: debug1: Enabling compatibility mode
for protocol 2.0
Jun  8 12:42:54 centoshost sshd[23742]: debug1: Local version string
SSH-2.0-OpenSSH_7.2
Jun  8 12:42:54 centoshost sshd[23742]: debug1: permanently_set_uid: 74/74
[preauth]
Jun  8 12:42:54 centoshost sshd[23742]: debug1: list_hostkey_types:
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jun  8 12:42:54 centoshost sshd[23742]: debug1: SSH2_MSG_KEXINIT sent
[preauth]
Jun  8 12:42:54 centoshost sshd[23742]: Connection closed by
 port  [preauth]
Jun  8 12:42:54 centoshost sshd[23742]: debug1: do_cleanup [preauth]
Jun  8 12:42:54 centoshost sshd[23742]: debug1: do_cleanup
Jun  8 12:42:54 centoshost sshd[23742]: debug1: Killing privsep child 23743

Part of sshd logs during successful OpenVAS login on CentOS/OpenSSH 5.3:

Jun  8 13:35:48 centoshost sshd[2447]: debug1: Forked child 2493.
Jun  8 13:35:48 centoshost sshd[2493]: Set /proc/self/oom_score_adj to 0
Jun  8 13:35:48 centoshost sshd[2493]: debug1: rexec start in 5 out 5
newsock 5 pipe 7 sock 8
Jun  8 13:35:48 centoshost sshd[2493]: debug1: inetd sockets after dupping:
3, 3
Jun  8 13:35:48 centoshost sshd[2493]: Connection from 
port 
Jun  8 13:35:48 centoshost sshd[2493]: debug1: Client protocol version 2.0;
client software version libssh-0.5.5
Jun  8 13:35:48 centoshost sshd[2493]: debug1: no match: libssh-0.5.5
Jun  8 13:35:48 centoshost sshd[2493]: debug1: Enabling compatibility mode
for protocol 2.0
Jun  8 13:35:48 centoshost sshd[2493]: debug1: Local version string
SSH-2.0-OpenSSH_5.3
Jun  8 13:35:48 centoshost sshd[2494]: debug1: permanently_set_uid: 74/74
Jun  8 13:35:48 centoshost sshd[2494]: debug1: list_hostkey_types:
ssh-rsa,ssh-dss
Jun  8 13:35:48 centoshost sshd[2494]: debug1: SSH2_MSG_KEXINIT sent
Jun  8 13:35:48 centoshost sshd[2494]: debug1: SSH2_MSG_KEXINIT received
Jun  8 13:35:48 centoshost sshd[2494]: debug1: kex: client->server
aes256-ctr hmac-sha1 none
Jun  8 13:35:48 centoshost sshd[2494]: debug1: kex: server->client
aes256-ctr hmac-sha1 none
Jun  8 13:35:48 centoshost sshd[2494]: debug1: expecting SSH2_MSG_KEXDH_INIT
Jun  8 13:35:48 centoshost sshd[2494]: debug1: SSH2_MSG_NEWKEYS sent
Jun  8 13:35:48 centoshost sshd[2494]: debug1: expecting SSH2_MSG_NEWKEYS
Jun  8 13:35:48 centoshost sshd[2494]: debug1: SSH2_MSG_NEWKEYS received
Jun  8 13:35:48 centoshost sshd[2494]: debug1: KEX done
Jun  8 13:35:48 centoshost sshd[2494]: debug1: userauth-request for user
 service ssh-connection method none
Jun  8 13:35:48 centoshost sshd[2494]: debug1: attempt 0 failures 0
Jun  8 13:35:48 centoshost sshd[2493]: debug1: PAM: initializing for
""
Jun  8 13:35:48 centoshost sshd[2493]: debug1: PAM: setting PAM_RHOST to
""
Jun  8 13:35:48 centoshost sshd[2493]: debug1: PAM: setting PAM_TTY to "ssh"
Jun  8 13:35:48 centoshost sshd[2494]: debug1: userauth-request for user
 service ssh-connection method password
...

Any ideas what can be done?

My openvas-check-setup results:

# openvas-check-setup --v8 --server
openvas-check-setup 2.3.0
  Test completeness and readiness of OpenVAS-8
  (add '--v6' or '--v7' or '--9'
   if you want to check for another OpenVAS version)

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
problem.

Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.5.
OK: OpenVAS Scanner CA Certificate is present as
/var/lib/openvas/CA/cacert.pem.
OK: NVT collection in

Re: [Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

Re: [Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

Re: [Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

[Openvas-discuss] SSH Authorization Check fails on OpenSSH 7.x

4 matches

Site Navigation

Mail list logo

Footer information