[Openvas-devel] [openvas-Bugs][1502] SSH errors during scan when using public-private key pairs

openvas-bugs at wald.intevation.org
Fri May 14 15:36:06 CEST 2010

Bugs item #1502, was opened at 2010-05-14 09:36
Status: Open
Priority: 3
Submitted By: John Bradley (jbradley)
Assigned to: Nobody (None)
Summary: SSH errors during scan when using public-private key pairs 
Architecture: None
Resolution: None
Severity: None
Version: None
Component: None
Operating System: Linux
Product: OpenVAS
Hardware: None

Initial Comment:
I am running OpenVAS (current stable versions as of May 14, 2010, built from source) on a 64-bit Ubuntu 10.04 machine (OpenVAS's dependencies have been installed from repository). I am trying to use the LSC Credentials Manager to safely create an account on my target Linux machines. I can create the credentials and local accounts, and I can use them to manually log into the target machines (AFTER I manually chmod the private key to 600). However, the credentials fail through OpenVAS.

In the targets' authlogs, I get the following errors that I believe are related to this issue:

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=aeon user=openvas
error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
error: ssh_rsa_verify: len 257 > modlen 256

The following will appear in a report after a scan:

Reported by NVT "Determine OS and list of installed packages via SSH login" (

Public key authentication failed.

Reported by NVT "SSH Authorization" (

It was not possible to login using the SSH crendentials supplied.
Hence local security checks are not enabled.

I receive these errors whether I use generated credentials or manually-created credentials using instructions from the documentation. Example target machines include a 64-bit Ubuntu 10.04 server and a 32-bit Ubuntu 9.10 workstation. Password-based authentication works fine but is impractical.

Thanks for your help!
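
One way to triage the three authlog lines quoted in the report, as an added example that is not part of the original bug report or of OpenVAS: the script extracts the failing host and user, the signature and modulus sizes, and the fields of the packed OpenSSL error code. The function names and classification labels are assumptions made for this example.

```python
import re

# Constructed sample: the three authlog lines quoted in the report above.
SAMPLE_LOG = """\
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=aeon user=openvas
error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
error: ssh_rsa_verify: len 257 > modlen 256
"""

PAM_FAIL = re.compile(r"pam_unix\(sshd:auth\): authentication failure;.*?rhost=(\S*)\s+user=(\S+)")
SIG_LEN = re.compile(r"ssh_rsa_verify: len (\d+) > modlen (\d+)")
RSA_ERR = re.compile(r"RSA_public_decrypt failed: error:([0-9A-Fa-f]{8})\b")


def decode_openssl_error(hex_code):
    """Split a packed OpenSSL 0.9.x/1.x error code into (lib, func, reason)."""
    code = int(hex_code, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Collect PAM failures, oversized RSA signatures and OpenSSL error codes."""
    found = {"pam_failures": [], "oversized_signatures": [], "openssl_errors": []}
    for line in log_text.splitlines():
        if m := PAM_FAIL.search(line):
            found["pam_failures"].append({"rhost": m.group(1), "user": m.group(2)})
        elif m := SIG_LEN.search(line):
            sig_len, modlen = int(m.group(1)), int(m.group(2))
            found["oversized_signatures"].append({
                "signature_bytes": sig_len,
                "modulus_bits": modlen * 8,        # 256 bytes -> 2048-bit key
                "excess_bytes": sig_len - modlen,  # bytes beyond the modulus size
            })
        elif m := RSA_ERR.search(line):
            found["openssl_errors"].append(decode_openssl_error(m.group(1)))
    return found


def classify(found):
    """Label the failure so key-signature rejects are not read as bad passwords."""
    if found["oversized_signatures"] or found["openssl_errors"]:
        return "pubkey-signature-rejected"
    return "auth-failure-only" if found["pam_failures"] else "clean"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(classify(result), result)
```

The decoded error fields can be checked against the `lib(4):func(112):reason(106)` text that sshd printed on the same line.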

