Constantly getting SSH login failures

Hi. I’ve been testing OpenVAS for a while now, but it always seems to fail to login to about half of my servers through SSH. It’s very inconsistent and this is with AWS EC2.

This is the error I see in the report.

**Vulnerability Detection Result**

It was not possible to login using the provided SSH credentials. Hence authenticated checks are not enabled.

This is the only SSH-related error I see in openvassd.log

Failed to set SSH key type 'rsa-sha2-256': Setting method: no algorithm for method "server host key algo" (rsa-sha2-256)

Here’s what I’ve tried so far…

  • Reduced the scanning concurrency levels to 1
  • Switching between RSA and ed25519 SSH user keys
  • Generating new SSH host keys on all servers
  • Checking SSH logs while the OpenVAS scanner runs

Does anyone else get this behavior? What else can I check? I’m completely stumped and I’d really like to use OpenVAS, but it’s been very unreliable and inconsistent.

Could you please specify if you’re really using the Community Edition (GCE) which is the ready to use virtual machine provided by Greenbone or are you using a self installed Source Edition (GSE)?

Sorry I’m actually using the source edition. I installed openvas 9 myself.

I would look into your libssh, that is most likely one source of issue. If you do scan from outside INTO or from inside OUTOFF AWS i would strongly suggest to read the T&C from AWS to check if you are legally allowed to do what you plan to do.It might be not an Greenbone or a Issue with you SSH keys it could be a issue with the AWS infrastructure as well :wink:

This might be interesting for you as well:

1 Like

All of the servers I’m trying to scan have the latest packages installed. Or did you mean libssh on the OpenVAS server?

I run the scans within the same VPC (same network) as the EC2 instances I’m trying to scan. I used to submit request forms to Amazon before running the scans, but that link you shared specifically says, “Effective immediately, AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services.”. EC2 is one of those 8 services.

I mean the libssh that you linked against your self build GVM.

1 Like

I guess I failed to explain what my setup is. I simply installed openvas through yum. I didn’t build from source or do any sort of make, make install, library linking, etc. Sorry.

I used this as a guide.

Most likely your operating system is providing an outdated version of the libssh library not supporting some of the algorithms enforced by the remote SSH service (e.g. more recent SSH server versions, hardening of the sshd_config of the remote service, …).

The following VT should give you a brief overview over the supported algorithms by the remote host and which prerequisites (minimum libssh versio, build against a specific library, …) are required:

SSH Login Failed For Authenticated Checks (OID:

This is in conflict of your previous post. If you use a 3rd party packet we can´t help you here. Please get back to the packet maintainer.