I have a question to usage of gvm-cli (version 2.0.0).
openVas V7.0.3 is running on my machine.
I installed gvm-cli, because I’ve read that omp-cli is deprecated.
I try to call the easy request gvm-cli ssh --hostname=localhost --xml “<get_version/>”
After execution I’ve gotten following error: Unable to connect to port 22 on 127.0.0.1
I found, that I should enable ssh, but HOW ??
on the site https://docs.greenbone.net/GSM-Manual/gos-5/de/managing-gos.html#configuring-gmp
I read about ssh activation, but for gsm.
Question: how can I activate ssh or TLS in openvas, so that I have access to openvas via gsm-cli.
Thank you for the answer.
It´s no longer supported, you need a socket and tunnel this.
thank you for your reply.
Should I use openvassd.sock or how can I create and use socket in openvas? do you have documenation about it?
if ssh is not supported anymore, perhaps it is better to remove it from gvm-cli help.
Stop. You are mixing things up.
All three connection types are still supported. Namely
- Unix Domain Socket
This is documented at https://gvm-tools.readthedocs.io/en/latest/connectiontypes.html
Lukas answer did only reflect the situation with our own Greenbone OS (GOS) at our GSM products. We are only supporting unix domain sockets (local connections) and ssh (remote connections) out of the box. If you are using a third party integration like Kali Linux you most likely can only use unix domain sockets without having to adjust some configs/scripts.
ok, when ssh should work for connection between gvm-cli and openvas, then what should I enable for that?
when I try to use ssh, then I get the error, that unable to connect to port 22.
You still didn’t read the docs and my comment. The ssh connection ONLY works for GOS based systems out of the box. If you want to use ssh for remote connections you need to do some sshd setup. The setup isn’t rocket science but we are not going to explain it here in detail.
Your error indicates that:
- The logging software tries to connect (e.g. the gvm-cli seems to work as expected)
- Something blocks it to reach it’s target (e.g. your firewall at the sending or receiving end, or somewhere in between – which is outside the scope of what the supplier of this software manages)
In his case it means he didn’t configure ssh to forward the connection to gvmd. How to establish this is out of scope.
I guess you mean something like:
ssh -L <localport>:<targetIP>:<targetPort>
gmvd runs on a unix domain socket by default…
We are not going to explain our setup for ssh but as I already did wrote this isn’t rocket science.