SOLVED / TUTORIAL - Greenbone Vulnerability Manager 11 remote control - SSH TUNNEL

To successfully remote control a GVM 11 instance, you must set up an SSH tunnel from your host machine (the machine where the python client is hosted) to the GVM machine (where the GVM scanner, tools and libraries are hosted).

a) A Linux machine where your python client runs
b) A Linux machine where your GVM 11 is installed
c) Basic Linux CLI knowledge
d) basic SSH understanding
3) ssh server (port 22) running on the GVM 11 machine


  1. On the client machine edit the /etc/ssh/sshd_config file to allow the ssh tunnelling.

add or edit these lines to the config file:

AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
AllowStreamLocalForwarding yes
  1. restart the ssh service: sudo service ssh restart

  2. Do the same (steps 1 and 2) to the GVM 11 machine

  3. On the client machine, run:
    ssh -nNT -L $(pwd)/gvmd.sock:<remote location of gvmd.sock> <ssh_user>@<remote_host>

  • the -nNT option tells SSH to run -no command, redirect -NULL to stdin, and do not allocate a -TTY. This stops you from running commands over the tunnel you just created. If you want, you can drop those options and ALSO have shell access to the remote; the socket forwarding will work the same either way. (got it from here)
  • the -L option, will tell ssh to create a tunnel between the host and the remote machines
  • The $(pwd)/gvmd.sock part will create a local socket for the python-gvm client to use (locally)
  • you must give read and write permissions :
    – In another terminal, since the above command will run until you manually terminate it, you can run:
    sudo chmod a+w+r gvmd.sock…assuming you are in the same folder as gvmc.sock.
  • location of gvmd.sock may vary, depending on the deployment version. It can be located in /var/run/gvmd.sock, or /usr/local/var/run/gvmd.sock (see tutorial page 5)

NOW you have a local gvmd socket, through which, python-gvm commands will be tunnelled to the remote GVM 11 machine

EnjoY !!