Hi!
I’ve tried to do authenticated scans/checks with clients needing special ssh options for connections to succeed. Is there any way to tell gvm to use these special options connecting to those clients?
If I can't handle those, the only thing happening would be:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 194
debug2: parse_server_config: config /etc/ssh/sshd_config len 194
debug1: sshd version OpenSSH_5.1p1 FreeBSD-20080901
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-dd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='622'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 622 on ::.
Server listening on :: port 622.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 622 on 0.0.0.0.
Server listening on 0.0.0.0 port 622.
accept: Software caused connection abort
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 172.18.8.169 port 60221
Bad protocol version identification '\026\003\001\002' from 172.18.8.169
In most cases these options are meant to allow additional, or considered-weak, encryption/hash-building functions. For example:
Host fbsd4
Ciphers +aes128-cbc
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
Host fbsd5
Ciphers +aes128-cbc
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
Host fbsd6
HostKeyAlgorithms +ssh-dss
Host fbsd7
HostKeyAlgorithms +ssh-dss
Would be nice to handle this on a client-by-client basis, with the possibility to set some default sets used most of the time.
If this is not possible somehow – I’ll request this as an enhancement …!
This is NOT a duplicate! One is a request for special SSH options and how I could tell the ssh-client openvas uses to respect these. The other one is a request to verify ssh logon using passwordless keys with special accounts works at all. These are quite different things!
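An added example, not part of the original post and not GVM or OpenSSH code: a small triage helper for sshd debug output like the log quoted above. It decodes the octal-escaped bytes in a "Bad protocol version identification" line and reports which protocol the peer actually spoke, which separates probes that never sent an SSH banner from connections that fail later during algorithm negotiation. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample, in the format of the sshd -dd output quoted in the post.
SAMPLE_LOG = r"""Connection from 172.18.8.169 port 60221
Bad protocol version identification '\026\003\001\002' from 172.18.8.169
"""

BAD_IDENT = re.compile(r"Bad protocol version identification '(.*)' from (\S+)")


def decode_ident(escaped: str) -> bytes:
    """Turn sshd's octal escapes (e.g. \\026) back into the raw bytes received."""
    return re.sub(
        rb"\\([0-3][0-7]{2})",
        lambda m: bytes([int(m.group(1), 8)]),
        escaped.encode("latin-1"),
    )


def classify(raw: bytes) -> str:
    """Guess the protocol from the first bytes the peer sent instead of 'SSH-2.0-...'."""
    # TLS record header: content type 0x16 (handshake), then major version 0x03.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return "tls-handshake"
    if raw.startswith(b"SSH-"):
        return "ssh-banner"
    if raw.split(b" ", 1)[0] in (b"GET", b"HEAD", b"POST", b"OPTIONS"):
        return "http-request"
    return "unknown"


def classify_log(text: str) -> list:
    """Return (peer, raw_bytes, protocol_guess) for every rejected identification."""
    results = []
    for line in text.splitlines():
        m = BAD_IDENT.search(line)
        if m:
            raw = decode_ident(m.group(1))
            results.append((m.group(2), raw, classify(raw)))
    return results


if __name__ == "__main__":
    for peer, raw, kind in classify_log(SAMPLE_LOG):
        print(f"{peer}: first bytes {raw.hex(' ')} -> {kind}")
```

For the line in the log above, the bytes decode to 16 03 01 02, the start of a TLS handshake record, so that particular connection was rejected before any cipher, host key or key-exchange algorithm was negotiated.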