Ron - Good morning and thanks for the reply. I've set up another 'fresh'
account on the box to be scanned with the same user rights as the old
one (root, ssh, wheel, adm) and put sshd as the primary group for the
account. I then opened up a SSH session on another Linux box and was
able to connect fine with the login / password information. I even
checked the secure logs on the target machine which even showed a solid
connection. I then used those login / password credentials for Nessus
and got the following errors from the target's secure log:
=====================
Oct 29 04:01:34 localhost sshd[7406]: Did not receive identification string from <Scan Machine IP>
Oct 29 04:02:00 localhost sshd[7411]: Invalid user n3ssus from <Scan Machine IP>
Oct 29 04:02:04 localhost sshd[7712]: Did not receive identification string from <Scan Machine IP>
Oct 29 04:02:16 localhost sshd[7714]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
Oct 29 04:02:16 localhost sshd[7715]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0
Oct 29 04:02:16 localhost sshd[7717]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7721]: Connection closed by UNKNOWN
Oct 29 04:02:17 localhost sshd[7713]: Did not receive identification string from UNKNOWN
Oct 29 04:02:17 localhost sshd[7726]: Connection closed by <Scan Machine
Oct 29 04:02:17 localhost sshd[7724]: Connection closed by UNKNOWN
Oct 29 04:02:17 localhost sshd[7730]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7733]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7734]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7727]: Invalid user guest from <Scan Machine IP>
Oct 29 04:02:18 localhost sshd[7410]: Connection closed by <Scan Machine
Oct 29 04:02:20 localhost sshd[7411]: Excess permission or bad ownership on file /var/log/btmp
Oct 29 04:02:20 localhost sshd[7412]: input_userauth_request: invalid user n3ssus
Oct 29 04:02:20 localhost sshd[7412]: Connection closed by <Scan Machine
Oct 29 04:02:32 localhost sshd[7735]: Did not receive identification string from <Scan Machine IP>
Oct 29 04:02:32 localhost sshd[7736]: Did not receive identification string from <Scan Machine IP>
Oct 29 04:02:37 localhost sshd[7718]: Connection closed by <Scan Machine
Oct 29 04:02:37 localhost sshd[7723]: Connection closed by <Scan Machine
Oct 29 04:02:37 localhost sshd[7729]: Connection closed by <Scan Machine
Oct 29 04:02:37 localhost sshd[7727]: Excess permission or bad ownership on file /var/log/btmp
Oct 29 04:02:37 localhost sshd[7731]: input_userauth_request: invalid user guest
Oct 29 04:02:37 localhost sshd[7731]: Connection closed by <Scan Machine
===================================================
This scan machine is a RHEL 5.1 Linux box. I was getting the same
errors on the Windows scan machine also. Thanks..
Scott
-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Ron Gula
Sent: Tuesday, October 28, 2008 18:12
To: Nessus
Subject: Re: RHEL 5.2 -> Local Checks Failed
Brown, Scott CTR -Navair - Siap wrote:
> Good afternoon. I'm in a trial process for Nessus and I ran into a
> slight problem. I have a RHEL 5.2 machine which I'd like to scan. I
> created an account on the machine and gave it adm, root, and ssh
> privileges. In the Default Policy -> Credentials -> SSH Settings I
> put in the SSH user name and password. After running the scan the
> results keep saying Local Checks Failed due to the credentials
> provided for the scan did not allow us to log into the remote host.
> I've ssh'd from another box using the same L : P and it worked fine.
> Am I missing something here? Thanks...
Hi there,
When you perform your Nessus scan, are there any SSH error logs on the
host you are scanning?
Can you SSH from the box that your Nessus scanner is deployed on?
Have you tried different valid username/passwords?
Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
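
Added example (not part of the original thread and not Nessus or Tenable code): a small triage script for a secure log like the one posted above, which groups the sshd entries by kind and reports whether the account configured in the scan policy ever appears in an authentication event. The account name "scanuser", the address 192.0.2.10 and the sample lines are constructed for illustration; the "Accepted"/"Failed" patterns follow OpenSSH's usual message wording.

```python
import re
from collections import Counter

# Constructed sample modelled on the log in this thread: entries unwrapped,
# 192.0.2.10 (documentation range) stands in for the scan machine's address.
SAMPLE = """\
Oct 29 04:01:34 localhost sshd[7406]: Did not receive identification string from 192.0.2.10
Oct 29 04:02:00 localhost sshd[7411]: Invalid user n3ssus from 192.0.2.10
Oct 29 04:02:16 localhost sshd[7714]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0
Oct 29 04:02:17 localhost sshd[7727]: Invalid user guest from 192.0.2.10
Oct 29 04:02:20 localhost sshd[7411]: Excess permission or bad ownership on file /var/log/btmp
Oct 29 04:02:20 localhost sshd[7412]: input_userauth_request: invalid user n3ssus
Oct 29 04:02:37 localhost sshd[7731]: Connection closed by 192.0.2.10
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (.*)$")
# First matching rule wins, so the specific auth messages precede "invalid user".
RULES = [
    ("auth_ok", re.compile(r"Accepted \S+ for (?P<user>\S+)")),
    ("auth_fail", re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>\S+)")),
    ("invalid_user", re.compile(r"[Ii]nvalid user (?P<user>\S+)")),
    ("version_probe", re.compile(r"Protocol major versions differ for \S+ \S+ vs\. (?P<banner>\S+)")),
    ("no_banner", re.compile(r"Did not receive identification string")),
    ("closed", re.compile(r"Connection closed by")),
]

def classify(message):
    """Return (event kind, extracted fields) for one sshd message."""
    for kind, pattern in RULES:
        m = pattern.search(message)
        if m:
            return kind, m.groupdict()
    return "other", {}

def triage(log_text, scan_account):
    """Count sshd events by kind and report whether scan_account appears in any of them."""
    counts, users, banners = Counter(), set(), set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or truncated line: not a complete entry
        kind, fields = classify(m.group(1))
        counts[kind] += 1
        users.update(v for k, v in fields.items() if k == "user")
        banners.update(v for k, v in fields.items() if k == "banner")
    return {"counts": dict(counts), "users": users, "banners": banners,
            "account_seen": scan_account in users}

if __name__ == "__main__":
    print(triage(SAMPLE, "scanuser"))  # "scanuser" is a hypothetical account name
```

If account_seen is false while the scanner's address is all over the log, sshd never recorded an authentication attempt for the configured account during the scan.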