Is it possible to test a script against a remote host using openvas-nasl, if it is a local check?
For example:
$ sudo openvas-nasl -XBdi /var/lib/openvas/plugins/ -t 10.100.2.130 /var/lib/openvas/plugins/Policy/Linux/SystemMaintenance/world_writeable_files.nasl
lib misc-Message: 15:16:44.972: set key 1.3.6.1.4.1.25623.1.0.109818/NOTE → No SSH connection
lib misc-Message: 15:16:44.974: set key 1.3.6.1.4.1.25623.1.0.109818/TEST_TYPE → SSH_Cmd
…
So, I’m trying to figure out how to test ssh authentication based NASL scripts. Running a test that requires ssh auth via the scanner seems to work fine. IT does not seem to work when running the script on the cli via openvas-nasl. As can be seen below, I write entries to the kb which seem to be what the included scripts are using to authenticate (see /var/lib/openvas/plugins/ssh_func.inc). Using the same credentials against the same host manually, works. It fails to authenticate when executing the script:
root@openvas:~# openvas-nasl -Xd -i /var/lib/openvas/plugins/ -t 127.0.0.1 -T foolog -k Secret/SSH/login=openvastest -k Secret/SSH/password=Foo12345 /var/lib/openvas/plugins/ssh_authorization.nasl /var/lib/openvas/plugins/Policy/VistaShare/foo.nasl
It was not possible to login using the provided SSH credentials. Hence authenticated checks are not enabled.
lib misc-Message: 18:00:40.560: set key login/SSH/failed → 1
lib misc-Message: 18:00:40.565: set key login/SSH/failed/port → 22
lib misc-Message: 18:00:40.569: set key login/SSH/failed/reason → It was not possible to login using the provided SSH credentials. Hence authenticated checks are not enabled.
lib misc-Message: 18:00:40.694: set key vt_debug_empty/ → #-#policy_reporting#-#fixtext
lib misc-Message: 18:00:40.698: set key /NOTE → what what
lib misc-Message: 18:00:40.721: set key /TEST_TYPE → SSH_Cmd
lib misc-Message: 18:00:40.724: set key /CMD → fizzywizzy
lib nasl-Message: 18:00:40.728: 28472(policy_functions.inc:51) In function ‘policy_add_oid()’: Syntax error with set_kb_item() [null value for name ‘PolicyOIDs’]lib misc-Message: 18:00:40.737: set key /DEFAULT → blarg
lib misc-Message: 18:00:40.744: set key /FIX → do stuff
lib misc-Message: 18:00:40.753: set key /NAME → Hi mom!
lib misc-Message: 18:00:40.761: set key /RESULT → foo
lib misc-Message: 18:00:40.769: set key /COMPLIANT → incomplete
root@openvas:~# view /var/lib/openvas/plugins/ssh_authorization.nasl
root@openvas:~# openvas-nasl -Xd -i /var/lib/openvas/plugins/ -t 127.0.0.1 -T foolog -k Secret/SSH/login=openvastest -k Secret/SSH/password=Foo12345 /var/lib/openvas/plugins/ssh_authorization.nasl /var/lib/openvas/plugins/Policy/VistaShare/foo.nasl
I imagine I’m doing something stupid. Clearly ssh auth is failing, ostensibly because the provided credentials are wrong. I’m just not seeing an obvious reason why. Perhaps someone else can point me at likely mistakes?
The VT related KB keys and dependency in your command line call looks good.
I would suggest to move the topic into the GSE category (you can edit your first post to change the category) so that a GSE maintainer can have a look if there is e.g. something wrong in openvas-nasl.