RE: SSH Credentials problem

Afternoon Ron,

Thanks for your tips and I applied it. The next tests are tomorrow night.
I'll send you the results.

Thanks lads for your help :o)

Thomas Nguyen Van (CEH) | OneIT Technical Security Consultant | OneIT
Operations | BT |  
E: thomas.nguyenvan@bt.com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
www.btireland.com 



-----Original Message-----
From: Ron Gula [mailto:rgula@tenablesecurity.com] 
Sent: 15 January 2007 20:32
To: John Scherff
Cc: Thomas Nguyen Van; nessus@list.nessus.org
Subject: Re: SSH Credentials problem


Something I like to do when diagnosing why SSH credentials might not work
from UNIX to UNIX is to throw sshd into debug mode.

If you set LogLevel to DEBUG in sshd_config and then attempt a login, it
will log exactly why a login attempt failed. Don't forget to put it back to
INFO or to restart sshd when you make changes.

Ron Gula, CTO
Tenable Network Security



John Scherff wrote:
> Thomas,
>
>  
>
> Does your Nessus scanner have a PTR record (reverse-map entry) in the 
> DNS?  Some implementations of sshd have a bug wherein you can't turn 
> off reverse-map checking (setting 'ReverseMappingCheck' to 'no' in the 
> sshd_config file has no effect).
>
>  
>
> Also, are you doing anything with TCP wrappers on the target?
>
>  
>
> John Scherff
>
>  
>
>  
>
>  
>
> ________________________________
>
> From: nessus-bounces@list.nessus.org 
> [mailto:nessus-bounces@list.nessus.org] On Behalf Of Thomas Nguyen Van
> Sent: Tuesday, December 19, 2006 8:26 AM
> To: 'nessus@list.nessus.org'
> Subject: RE: SSH Credentials problem
>
>  
>
>  
>
> Good afternoon,
>
> In addition to my previous mail of today, I would like to add those
> information:
>
> We did the following tests:
> Test 1 - Manual SSH connection to IP_Nessus_Target with password: Ok 
> Test 2 - Manual SSH connection to IP_Nessus_Target with public/private
> keys: Ok 
> Test 3 - Nessus SSH connection to IP_Nessus_Target with password: Ok 
> Test 4 - Nessus SSH connection to IP_Nessus_Target with public/private
> keys: Failed 
>
> The analyse of the /var/adm/messages file on IP_Nessus_Target showed
> that:
> Dec 19 16:05:55 IP_Nessus_Target sshd[13422]: [ID 800047 auth.info] Did
> not receive ident string from IP_Nessus_Scanner.
>
> Dec 19 16:05:56 IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] 
> Could not reverse map address IP_Nessus_Scanner. Dec 19 16:05:56 
> IP_Nessus_Target sshd[13423]: [ID 800047 auth.info] Connection closed 
> by IP_Nessus_Scanner Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 
> 800047 auth.info] Could not reverse map address IP_Nessus_Scanner.
> Dec 19 16:06:01 IP_Nessus_Target sshd[13424]: [ID 800047 auth.info]
> Connection closed by IP_Nessus_Scanner 
> Dec 19 16:06:01 IP_Nessus_Target sshd[13425]: [ID 800047 auth.info] Did
> not receive ident string from IP_Nessus_Scanner.
>
>  
>
> Do you know why I read the message "Did not receive ident string from 
> IP_Nessus_Scanner." on the Nessus_Target?
>
> Many thanks in advance
> Regards, 
> Thomas 
>
> -----Original Message-----
> From: Thomas Nguyen Van 
> Sent: 19 December 2006 13:04 
> To: 'nessus@list.nessus.org' 
> Subject: SSH Credentials problem 
>
>  
>
> Good afternoon,
>
> I checked your Nessus' FAQ before calling you
> (http://mail.nessus.org/pipermail/nessus/2006-September/msg00186.html)
> and I have quiet the same problem as JeanPaul.
>
> Actually, I activated the plugins "Local Checks Failed" (21745) and 
> scanned a solaris server. On the /var/log/message file, I can see that 
> nessus account was able to connect on the target server:
>
>         Dec 19 13:01:09 Server_Target sshd[7724]: [ID 800047 
> auth.info] Accepted publickey for nessus_account from nessus_server 
> port 56364 ssh2
>
> However, when I checked the .nbe file, I got the error message 
> associated to the plugin 21745 and I can't get any information like 
> security holes or general information with the plugin 12634.
>
> I would really appreciate a clue to understand what happened.
>
> Thanks a million
>
> Thomas
>
>  
>
> BT Communications Ireland Limited
> is a wholly owned subsidiary of BT Group plc 
> Registered in Ireland, Registration No. 141524 
> Grand Canal Plaza, Upper Grand Canal Street, Dublin, Ireland 
>
> This electronic message contains information (and may contain files) 
> from BT Communications Ireland Limited which may be privileged or 
> confidential. The information is intended to be for the sole use of 
> the
> individual(s) or entity named above. If you are not the intended
> recipient be aware that any disclosure, copying, distribution or use of
> the contents of this information and or files is prohibited. If you have
> received this electronic message in error, please notify us by telephone
> or email (to the numbers or address above) immediately.
> http://www.btireland.ie
>
>
>
>
> ----------------------------------------------------------------------
> --
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus



BT Communications Ireland Limited 
is a wholly owned subsidiary of BT Group plc 
Registered in Ireland, Registration No. 141524 
Grand Canal Plaza, Upper Grand Canal Street, Dublin, Ireland 

This electronic message contains information (and may contain files) from BT
Communications Ireland Limited which may be privileged or confidential. The
information is intended to be for the sole use of the individual(s) or
entity named above. If you are not the intended recipient be aware that any
disclosure, copying, distribution or use of the contents of this information
and or files is prohibited. If you have received this electronic message in
error, please notify us by telephone or email (to the numbers or address
above) immediately. http://www.btireland.ie

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus