
SV: SSH localhost checks on FreeBSD

Subject: SV: SSH localhost checks on FreeBSD
Date: Mon, 18 Oct 2004 16:10:44 +0200
After mailing with Renaud, he told me to remove the "hidden" spaces at the
end; now it seems to be working. 23 security holes, ouch.

.Morten

-----Original message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On behalf of Morten Kallesøe
Sent: 15 October 2004 10:24
To: nessus@list.nessus.org
Subject: SSH localhost checks on FreeBSD

Hello list

I am fighting with the SSH local checks, I cannot figure out if they are
working or not. Is there some kind of indicator that will tell me?
I am running with nessus 2.1.3

I have made the private and public key. The public key is copied onto the
remote server that I want to scan, ~/.ssh/authorized_keys
.ssh = chmod 0700
authorized_keys = chmod 0600

My private key is here, /home/morten/keys/nes
My public key is here, /home/morten/keys/nes.pub

The test scan user is "roffel"

When I do ssh -i /home/morten/keys/nes -l roffel <remote server> I am asked
for the password (hejsa) for the nes key, which is typed - and I am logged
in.
I get the following in my /var/log/auth.log on the remote server.
sshd[23274]: Accepted publickey for roffel from x.x.x.x

Okay, so I know the key works, that's a good thing.

Now to the nessus part.

I have this in my config.
SSH settings[file]:SSH public key to use : = /home/morten/keys/nes.pub
SSH settings[file]:SSH private key to use : = /home/morten/keys/nes
SSH settings[password]:Passphrase for SSH key : = hejsa
SSH settings[entry]:SSH user name : = roffel

I have made my config with the update-nessusrc2.32 script by George Theall.
/home/morten/update-nessusrc-2.32 -f "FreeBSD Local Security Checks,Gain
root remotely,General" /home/morten/hosts/remote_server

I run nessus like this. 
nessus -c /home/morten/hosts/remote_server -q localhost 1241 nesmorten
nesmorten /home/morten/ip/remote_server
/home/morten/results/remote_server.html

It runs fine, but I cannot determine if nessus makes local checks or not.

In my /var/log/auth.log on the remote server I get:
Oct 15 10:19:28 wuss sshd[23740]: Did not receive identification string from
x.x.x.x
Oct 15 10:19:54 wuss sshd[23743]: Did not receive identification string from
x.x.x.x
Oct 15 10:20:03 wuss sshd[23746]: Did not receive identification string from
x.x.x.x
Oct 15 10:20:28 wuss login: pam_authenticate(): conversation failure
Oct 15 10:20:28 wuss login: 1 LOGIN FAILURE FROM x.x.x.x
Oct 15 10:20:28 wuss login: 1 LOGIN FAILURE FROM x.x.x.x, dos

In my remote_server.html there is no sign that nessus has made local checks,
as in (http://www.nessus.org/doc/local_reports.png)

Thanks in advance.
Morten Kallesøe.

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
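
The fix reported in the reply (removing the "hidden" spaces) can be checked mechanically. The following is an added example, not part of the original thread or of Nessus: a shell check for invisible trailing whitespace on the `SSH settings[...]` lines of a nessusrc file. It assumes the hidden spaces were trailing whitespace on those preference lines; `find_trailing_ws`, `strip_trailing_ws` and `make_sample` are hypothetical helper names, and the sample file is constructed from config lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): find invisible trailing whitespace on
# the "SSH settings[...]" preference lines of a nessusrc file.

# find_trailing_ws FILE
# Prints "LINENO:line" with each trailing space, tab or CR made visible.
# Returns 0 if at least one offending line was found, 1 if the file is clean.
find_trailing_ws() {
    awk '
        /^SSH settings\[/ && /[ \t\r]+$/ {
            line = $0
            sub(/[ \t\r]+$/, "", line)            # the line minus its trailing run
            tail = substr($0, length(line) + 1)   # the invisible part
            gsub(/ /, "<SP>", tail)
            gsub(/\t/, "<TAB>", tail)
            gsub(/\r/, "<CR>", tail)
            printf "%d:%s%s\n", NR, line, tail
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# strip_trailing_ws FILE
# Writes a copy with trailing whitespace removed from every line to stdout;
# the original file is left untouched so the change can be diffed first.
strip_trailing_ws() {
    sed 's/[[:space:]]*$//' "$1"
}

# make_sample FILE
# Constructed sample: the post's config lines with whitespace appended to two.
make_sample() {
    printf '%s\n' \
        'SSH settings[file]:SSH public key to use : = /home/morten/keys/nes.pub  ' \
        'SSH settings[file]:SSH private key to use : = /home/morten/keys/nes' > "$1"
    printf 'SSH settings[entry]:SSH user name : = roffel\t\n' >> "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
find_trailing_ws "$sample" || echo "no trailing whitespace found"
strip_trailing_ws "$sample" > "$sample.clean"
find_trailing_ws "$sample.clean" || echo "clean copy: no trailing whitespace found"
rm -f "$sample" "$sample.clean"
```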
