[Openvas-devel] [openvas-Bugs][1502] SSH errors during scan when using public-private key pairs

openvas-bugs@wald.intevation.org
Fri May 14 15:36:06 CEST 2010


Bugs item #1502, was opened at 2010-05-14 09:36
Status: Open
Priority: 3
Submitted By: John Bradley (jbradley)
Assigned to: Nobody (None)
Summary: SSH errors during scan when using public-private key pairs 
Architecture: None
Resolution: None
Severity: None
Version: None
Component: None
Operating System: Linux
Product: OpenVAS
Hardware: None
URL: 


Initial Comment:
I am running OpenVAS (current stable versions as of May 14, 2010, built from source) on a 64-bit Ubuntu 10.04 machine (OpenVAS's dependencies have been installed from the repository). I am trying to use the LSC Credentials Manager to safely create an account on my target Linux machines. I can create the credentials and local accounts, and I can use them to manually log into the target machines (AFTER I manually chmod the private key to 600). However, the credentials fail through OpenVAS.


In the targets' auth logs, I get the following errors that I believe are related to this issue:

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=aeon user=openvas
error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
error: ssh_rsa_verify: len 257 > modlen 256


The following will appear in a report after a scan:

SSH LOG MESSAGE:
Reported by NVT "Determine OS and list of installed packages via SSH login" (1.3.6.1.4.1.25623.1.0.50282):

Public key authentication failed.

SSH SECURITY NOTE
Reported by NVT "SSH Authorization" (1.3.6.1.4.1.25623.1.0.90022):

It was not possible to login using the SSH crendentials supplied.
Hence local security checks are not enabled.


I receive these errors whether I use generated credentials or manually-created credentials using instructions from the documentation. Example target machines include a 64-bit Ubuntu 10.04 server and a 32-bit Ubuntu 9.10 workstation. Password-based authentication works fine but is impractical.

Thanks for your help!

----------------------------------------------------------------------

You can respond by visiting: 
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1502&group_id=29

