Mailing List Archive

Brown, Scott CTR -Navair - Siap wrote:
> Good afternoon. I'm in a trail process for Nessus and I ran into a
> slight problem. I have a RHEL 5.2 machine which I'd like to scan. I
> created an account on the machine and gave it adm, root, and ssh
> privileges. In the Default Policy -> Credentials -> SSH Settings I put
> in the SSH user name and password. After running the scan the results
> keep saying Local Checks Failed due to the credentials provided for the
> scan did not allow us to log into the remote host. I've ssh'd from
> another box using the same L : P and it worked fine. Am I missing
> something here? Thanks...

Hi there,

When you perform you Nessus scan, are there any SSH error logs on the
host you are scanning?

Can you SSH from the box that your Nessus scanner is deployed on?

Have you tried different valid username/passwords?

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Ron - Good morning and thanks for the reply. I've setup another 'fresh'
account on the box to be scanned with the same user rights as the old
one (root, ssh, wheel, adm) and put sshd as the primary group for the
account. I then opened up a SSH session on another linux box and was
able to connect fine with the login / password information. I even
checked the secure logs on the target machine which even showed a solid
connection. I then used that login / password credentials for Nessus
and got the following errors from the targets secure log:

=====================
Oct 29 04:01:34 localhost sshd[7406]: Did not receive identification
string from <Scan Machine IP>
Oct 29 04:02:00 localhost sshd[7411]: Invalid user n3ssus from <Scan
Machine IP>
Oct 29 04:02:04 localhost sshd[7712]: Did not receive identification
string from <Scan Machine IP>
Oct 29 04:02:16 localhost sshd[7714]: Protocol major versions differ for
UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
Oct 29 04:02:16 localhost sshd[7715]: Protocol major versions differ for
UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0
Oct 29 04:02:16 localhost sshd[7717]: Protocol major versions differ for
UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7721]: Connection closed by UNKNOWN
Oct 29 04:02:17 localhost sshd[7713]: Did not receive identification
string from UNKNOWN
Oct 29 04:02:17 localhost sshd[7726]: Connection closed by <Scan Machine
Oct 29 04:02:17 localhost sshd[7724]: Connection closed by UNKNOWN
Oct 29 04:02:17 localhost sshd[7730]: Protocol major versions differ for
UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7733]: Protocol major versions differ for
UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7734]: Protocol major versions differ for
UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7727]: Invalid user guest from <Scan
Machine IP>
Oct 29 04:02:18 localhost sshd[7410]: Connection closed by <Scan Machine
Oct 29 04:02:20 localhost sshd[7411]: Excess permission or bad ownership
on file /var/log/btmp
Oct 29 04:02:20 localhost sshd[7412]: input_userauth_request: invalid
user n3ssus
Oct 29 04:02:20 localhost sshd[7412]: Connection closed by <Scan Machine
Oct 29 04:02:32 localhost sshd[7735]: Did not receive identification
string from <Scan Machine IP>
Oct 29 04:02:32 localhost sshd[7736]: Did not receive identification
string from <Scan Machine IP>
Oct 29 04:02:37 localhost sshd[7718]: Connection closed by <Scan Machine
Oct 29 04:02:37 localhost sshd[7723]: Connection closed by <Scan Machine
Oct 29 04:02:37 localhost sshd[7729]: Connection closed by <Scan Machine
Oct 29 04:02:37 localhost sshd[7727]: Excess permission or bad ownership
on file /var/log/btmp
Oct 29 04:02:37 localhost sshd[7731]: input_userauth_request: invalid
user guest
Oct 29 04:02:37 localhost sshd[7731]: Connection closed by <Scan Machine
===================================================

This scan machine is a RHEL 5.1 Linux box. I was getting the same
errors on the windows scan machine also. Thanks..

Scott


-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Ron Gula
Sent: Tuesday, October 28, 2008 18:12
To: Nessus
Subject: Re: RHEL 5.2 -> Local Checks Failed

Brown, Scott CTR -Navair - Siap wrote:
> Good afternoon. I'm in a trail process for Nessus and I ran into a
> slight problem. I have a RHEL 5.2 machine which I'd like to scan. I
> created an account on the machine and gave it adm, root, and ssh
> privileges. In the Default Policy -> Credentials -> SSH Settings I
> put in the SSH user name and password. After running the scan the
> results keep saying Local Checks Failed due to the credentials
> provided for the scan did not allow us to log into the remote host.
> I've ssh'd from another box using the same L : P and it worked fine.
> Am I missing something here? Thanks...

Hi there,

When you perform you Nessus scan, are there any SSH error logs on the
host you are scanning?

Can you SSH from the box that your Nessus scanner is deployed on?

Have you tried different valid username/passwords?

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Brown, Scott CTR -Navair - Siap wrote:

> Good afternoon. I'm in a trail process for Nessus and I ran into a
> slight problem. I have a RHEL 5.2 machine which I'd like to scan. I
> created an account on the machine and gave it adm, root, and ssh
> privileges. In the Default Policy -> Credentials -> SSH Settings I
> put
> in the SSH user name and password. After running the scan the results
> keep saying Local Checks Failed due to the credentials provided for
> the
> scan did not allow us to log into the remote host. I've ssh'd from
> another box using the same L : P and it worked fine. Am I missing
> something here? Thanks...

Howdi,

I am having a very similar problem using both Nessus 3.2.1 Server and
Client on a mac OSX 10.4 and 10.5 workstation. I'm trying to scan
with ssh credentials and can actually log in on about 25% of OSX
targets hosts. The accounts are created for "root" scanning only.
The account credentials are identical. The error is the same as the
failed results identified with RGEL.

I'm open to any ideas to try

Thanks

Ron Backman
Network Security Officer
NAWCWD China Lake, CA
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Hi Scott,

Are you putting the SSH username and password of the target server into
your scan policy?

The scan results below look like logs generated by an sshd server for
typical ssh probes launched by Nessus.

I suggest enabling just the local patch audits for RedHat, making sure
you have the user/pass of the target host in your scan policy and run
this test again.

Ron Gula

Brown, Scott CTR -Navair - Siap wrote:
> Ron - Good morning and thanks for the reply. I've setup another 'fresh'
> account on the box to be scanned with the same user rights as the old
> one (root, ssh, wheel, adm) and put sshd as the primary group for the
> account. I then opened up a SSH session on another linux box and was
> able to connect fine with the login / password information. I even
> checked the secure logs on the target machine which even showed a solid
> connection. I then used that login / password credentials for Nessus
> and got the following errors from the targets secure log:
>
> =====================
> Oct 29 04:01:34 localhost sshd[7406]: Did not receive identification
> string from <Scan Machine IP>
> Oct 29 04:02:00 localhost sshd[7411]: Invalid user n3ssus from <Scan
> Machine IP>
> Oct 29 04:02:04 localhost sshd[7712]: Did not receive identification
> string from <Scan Machine IP>
> Oct 29 04:02:16 localhost sshd[7714]: Protocol major versions differ for
> UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
> Oct 29 04:02:16 localhost sshd[7715]: Protocol major versions differ for
> UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0
> Oct 29 04:02:16 localhost sshd[7717]: Protocol major versions differ for
> UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0
> Oct 29 04:02:17 localhost sshd[7721]: Connection closed by UNKNOWN
> Oct 29 04:02:17 localhost sshd[7713]: Did not receive identification
> string from UNKNOWN
> Oct 29 04:02:17 localhost sshd[7726]: Connection closed by <Scan Machine
> IP>
> Oct 29 04:02:17 localhost sshd[7724]: Connection closed by UNKNOWN
> Oct 29 04:02:17 localhost sshd[7730]: Protocol major versions differ for
> UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
> Oct 29 04:02:17 localhost sshd[7733]: Protocol major versions differ for
> UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0
> Oct 29 04:02:17 localhost sshd[7734]: Protocol major versions differ for
> UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0
> Oct 29 04:02:17 localhost sshd[7727]: Invalid user guest from <Scan
> Machine IP>
> Oct 29 04:02:18 localhost sshd[7410]: Connection closed by <Scan Machine
> IP>
> Oct 29 04:02:20 localhost sshd[7411]: Excess permission or bad ownership
> on file /var/log/btmp
> Oct 29 04:02:20 localhost sshd[7412]: input_userauth_request: invalid
> user n3ssus
> Oct 29 04:02:20 localhost sshd[7412]: Connection closed by <Scan Machine
> IP>
> Oct 29 04:02:32 localhost sshd[7735]: Did not receive identification
> string from <Scan Machine IP>
> Oct 29 04:02:32 localhost sshd[7736]: Did not receive identification
> string from <Scan Machine IP>
> Oct 29 04:02:37 localhost sshd[7718]: Connection closed by <Scan Machine
> IP>
> Oct 29 04:02:37 localhost sshd[7723]: Connection closed by <Scan Machine
> IP>
> Oct 29 04:02:37 localhost sshd[7729]: Connection closed by <Scan Machine
> IP>
> Oct 29 04:02:37 localhost sshd[7727]: Excess permission or bad ownership
> on file /var/log/btmp
> Oct 29 04:02:37 localhost sshd[7731]: input_userauth_request: invalid
> user guest
> Oct 29 04:02:37 localhost sshd[7731]: Connection closed by <Scan Machine
> IP>
> ===================================================
>
> This scan machine is a RHEL 5.1 Linux box. I was getting the same
> errors on the windows scan machine also. Thanks..
>
> Scott
>
>
> -----Original Message-----
> From: nessus-bounces@list.nessus.org
> [mailto:nessus-bounces@list.nessus.org] On Behalf Of Ron Gula
> Sent: Tuesday, October 28, 2008 18:12
> To: Nessus
> Subject: Re: RHEL 5.2 -> Local Checks Failed
>
> Brown, Scott CTR -Navair - Siap wrote:
>> Good afternoon. I'm in a trail process for Nessus and I ran into a
>> slight problem. I have a RHEL 5.2 machine which I'd like to scan. I
>> created an account on the machine and gave it adm, root, and ssh
>> privileges. In the Default Policy -> Credentials -> SSH Settings I
>> put in the SSH user name and password. After running the scan the
>> results keep saying Local Checks Failed due to the credentials
>> provided for the scan did not allow us to log into the remote host.
>> I've ssh'd from another box using the same L : P and it worked fine.
>> Am I missing something here? Thanks...
>
> Hi there,
>
> When you perform you Nessus scan, are there any SSH error logs on the
> host you are scanning?
>
> Can you SSH from the box that your Nessus scanner is deployed on?
>
> Have you tried different valid username/passwords?
>
> Ron Gula
> Tenable Network Security
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus