I’ve tried to do authenticated scans/checks with clients needing special SSH options for connections to succeed. Is there any way to tell GVM to use these special options when connecting to those clients?
If I can't handle those, the only thing happening would be:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 194
debug2: parse_server_config: config /etc/ssh/sshd_config len 194
debug1: sshd version OpenSSH_5.1p1 FreeBSD-20080901
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: rexec_argv='/usr/sbin/sshd'
debug1: rexec_argv='-dd'
debug1: rexec_argv='-p'
debug1: rexec_argv='622'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 622 on ::.
Server listening on :: port 622.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 622 on 0.0.0.0.
Server listening on 0.0.0.0 port 622.
accept: Software caused connection abort
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 172.18.8.169 port 60221
Bad protocol version identification '\026\003\001\002' from 172.18.8.169
In most cases these options are there to allow additional encryption/hash-building functions, or ones considered weak. For example:
Host fbsd4
    Ciphers +aes128-cbc
    HostKeyAlgorithms +ssh-dss
    KexAlgorithms +diffie-hellman-group1-sha1
Host fbsd5
    Ciphers +aes128-cbc
    HostKeyAlgorithms +ssh-dss
    KexAlgorithms +diffie-hellman-group1-sha1
Host fbsd6
    HostKeyAlgorithms +ssh-dss
Host fbsd7
    HostKeyAlgorithms +ssh-dss
It would be nice to handle this on a client-by-client basis, with the possibility to set some default sets used most of the time.
If this is not possible somehow – I’ll request this as an enhancement …!
This is NOT a duplicate! One is a request for special SSH options and how I could tell the ssh-client openvas uses to respect these. The other one is a request to verify ssh logon using passwordless keys with special accounts works at all. These are quite different things!
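An added example, not part of the original post and not GVM code: a small auditor that parses an OpenSSH client config shaped like the Host blocks above and lists which hosts re-enable legacy algorithms, so the per-client exceptions stay inventoried. The sample config, the function name `legacy_exceptions` and the set of algorithms treated as legacy are assumptions of this example.

```python
"""Audit an OpenSSH client config for per-host legacy-algorithm exceptions."""

# Constructed sample input, shaped like the Host blocks in the post.
SAMPLE_CONFIG = """\
Host fbsd4
    Ciphers +aes128-cbc
    HostKeyAlgorithms +ssh-dss
    KexAlgorithms +diffie-hellman-group1-sha1
Host fbsd6 fbsd7
    HostKeyAlgorithms +ssh-dss
Host modern1
    Port 622
"""

# Assumption of this example: which algorithms count as legacy.
LEGACY = {
    "ciphers": {"aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc"},
    "hostkeyalgorithms": {"ssh-dss"},
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
}


def legacy_exceptions(config_text):
    """Return {host_pattern: {option: [legacy algorithms added with '+']}}."""
    report = {}
    current = []  # host patterns of the block currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Key value" and "Key=value".
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = value.split()
            continue
        # Only a leading '+' appends to the defaults; that is the exception.
        if key not in LEGACY or not value.startswith("+"):
            continue
        algos = [a.strip() for a in value[1:].split(",")]
        added = [a for a in algos if a in LEGACY[key]]
        for host in current:
            if added:
                report.setdefault(host, {})[key] = added
    return report


if __name__ == "__main__":
    for host, opts in legacy_exceptions(SAMPLE_CONFIG).items():
        for opt, algos in opts.items():
            print(f"{host}: {opt} re-enables {', '.join(algos)}")
```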