
Re: Unknown function

Subject: Re: Unknown function
Date: Mon, 11 Jun 2007 09:15:52 +0200

On Jun 11, 2007, at 8:53 AM, Devitto, Dom wrote:

"However if multiple SSH daemons are running on the remote host, then
problems may occur." -- Renaud

Can you speculate on what those problems could be, e.g. does the Nessus
server crash? Only log in once per host? Log in repeatedly but overwrite the
previously collected information each time?


Most likely, in the case of a host running multiple SSH servers, the "problems" would be that every command really is executed on the first SSH server that nessusd could log into. So you end up with duplicate results, and you've executed the same commands twice on the remote server, but you have results nevertheless.

[I say "most likely" because this setup is not supported and has not really been tested. The worst-case scenario is that the SSH checks don't work - period.]


The reason for this behavior is that the SSH session is reused among plugins, so that we don't log in and out for every command being executed (which would be suboptimal and would drive your SIM guys crazy when they see that a user logged in successfully 40 times in less than 2 minutes). Instead we connect to the remote host using a special socket (a 'shared' socket) which can be re-used by other plugins. Which means that when a plugin tries to log into the remote SSH server, instead of telling nessusd "I want to connect to the remote host on port 22", it first asks "Do we have an SSH connection to the remote host already set up?". If there is one such connection, then the plugin re-uses it. And as you probably noticed, the name SSH connection is not tied to a port.


Now, you'll still have the problem of the same plugin executing the same command twice on the remote host, which may cause duplicate results, etc...


-- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
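
The session reuse described in the message above, as an added example that is not part of the original post and is not Nessus code: a simplified Python model of a shared session cache keyed by host only, next to a hypothetical variant keyed by host and port. All class and function names, the sample host, ports and commands are constructed, and it assumes the same checks are launched once per detected SSH daemon.

```python
# Simplified model of the shared SSH session described above.
# Constructed for illustration; names are hypothetical, not Nessus APIs.

class FakeSSHSession:
    """Stands in for a logged-in SSH session to one daemon (host, port)."""
    def __init__(self, host, port):
        self.host, self.port = host, port

    def run(self, command):
        # Tag each result with the port of the daemon that executed it.
        return (self.port, command)


class SharedSessionPool:
    """Cache of open sessions that plugins consult before logging in."""
    def __init__(self, key_includes_port):
        self.key_includes_port = key_includes_port
        self.sessions = {}
        self.logins = 0  # successful logins a SIM would record

    def acquire(self, host, port):
        # Host-only key: "do we already have an SSH connection to this host?"
        key = (host, port) if self.key_includes_port else host
        if key not in self.sessions:
            self.sessions[key] = FakeSSHSession(host, port)
            self.logins += 1
        return self.sessions[key]


def run_checks(pool, host, ssh_ports, commands):
    """Assumption: the same checks run once per detected SSH daemon."""
    results = []
    for port in ssh_ports:
        for command in commands:
            results.append(pool.acquire(host, port).run(command))
    return results


def duplicate_results(results):
    """Results seen more than once (same daemon, same command)."""
    return sorted({r for r in results if results.count(r) > 1})


HOST, PORTS = "192.0.2.10", [22, 2222]   # constructed sample target
COMMANDS = ["uname -a", "rpm -qa"]       # constructed sample checks

if __name__ == "__main__":
    for by_port in (False, True):
        pool = SharedSessionPool(key_includes_port=by_port)
        out = run_checks(pool, HOST, PORTS, COMMANDS)
        print(by_port, pool.logins, duplicate_results(out))
```

With the host-only key, the daemon on port 2222 is never logged into and every result is reported twice from port 22, which is a quick thing to look for in scan output from hosts that run more than one SSH daemon.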
