Authentication failed with gvm-cli


#1

Hello

I am running GCE 4.2.24 and gvm-cli 1.4.1
I am trying to use gvm-cli from my PC to create a target :
gvm-cli ssh --log INFO --gmp-username cliuser --gmp-password clipassword --hostname 123.134.145.156 --xml “<create_target>Suspect Host1.2.3.4</create_target>”

I am always getting “Authentication failed.” error
gvm-cli.log shows:
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_6.7p1)
INFO:paramiko.transport:Authentication (password) failed.

cliuser is defined as admin user and can connect through the web interface.

I found in documentation that GMP should be activated in the setup menu but don’t have such an option.
Am I missing something?

thanks for your help


#2

Hi,

you may need to set the ssh user and password to login at the virtual machine. Currently I don’t know if the SSH server is accessible from the outside nor the ssh username.

Also you should update to gvm-tools 2.0.0.beta1 for using username/password ssh authentication. See gvm-cli ssh --help for the --ssh switch details.


#3

Hi,

the GCE doesn’t provide the GMP/OMP API as described here:

This is probably also the reason why you can’t find how to enable/activate GMP within the setup menu.


#5

I was having the same problem, and reading the post accepted as an answer, thought it was done, but if you put the authentication xml in the command line, it will probably work. That is, something like: gvm-cli socket --socketpath=/var/run/openvasmd.sock --xml “admin_useradmin_password<start_task task_id=‘6c6ea627-a908-4129-9ad9-dfce72f4609f’/>”

I’ve done a create_target that wasy as well. The other thing I’ve found is that you have to be root, and you need to put in the socketpath. I installed mine from the Ubuntu Repo, so there may be differences, but those things worked for me (after a lot of head banging)


#6

Hi,

the socket connection type should be used for GSE based installations usually. The --socketpath argument must point to the socket provided by gvmd/openvasmd. We don’t have this path under control and different distributions use different paths. See for example the following topic

The other connection types are mostly for GOS 3.1 (TLS) and GOS 4 (SSH) on GSMs .

You need normal unix file permissions to be able to access the unix socket of gvmd/openvasmd. Therefore you can adjust the permissions, user and group of the socket via gvmd/openvasmd parameters. You should NOT run any python script as root user only to avoid caring about file permission settings.

We are currently in a process of writing (better) user documentation for gvm-tools. See https://gvm-tools.readthedocs.io/en/latest/ for a first draft.