Hi Scott, Are you putting the SSH username and password of the target server into your scan policy?
The scan results below look like logs generated by an sshd server for typical ssh probes launched by Nessus. I suggest enabling just the local patch audits for RedHat, making sure you have the user/pass of the target host in your scan policy and run this test again. Ron Gula Brown, Scott CTR -Navair - Siap wrote: > Ron - Good morning and thanks for the reply. I've setup another 'fresh' > account on the box to be scanned with the same user rights as the old > one (root, ssh, wheel, adm) and put sshd as the primary group for the > account. I then opened up a SSH session on another linux box and was > able to connect fine with the login / password information. I even > checked the secure logs on the target machine which even showed a solid > connection. I then used that login / password credentials for Nessus > and got the following errors from the targets secure log: > > ===================== > Oct 29 04:01:34 localhost sshd[7406]: Did not receive identification > string from <Scan Machine IP> > Oct 29 04:02:00 localhost sshd[7411]: Invalid user n3ssus from <Scan > Machine IP> > Oct 29 04:02:04 localhost sshd[7712]: Did not receive identification > string from <Scan Machine IP> > Oct 29 04:02:16 localhost sshd[7714]: Protocol major versions differ for > UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0 > Oct 29 04:02:16 localhost sshd[7715]: Protocol major versions differ for > UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0 > Oct 29 04:02:16 localhost sshd[7717]: Protocol major versions differ for > UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0 > Oct 29 04:02:17 localhost sshd[7721]: Connection closed by UNKNOWN > Oct 29 04:02:17 localhost sshd[7713]: Did not receive identification > string from UNKNOWN > Oct 29 04:02:17 localhost sshd[7726]: Connection closed by <Scan Machine > IP> > Oct 29 04:02:17 localhost sshd[7724]: Connection closed by UNKNOWN > Oct 29 04:02:17 localhost sshd[7730]: Protocol major versions differ for > UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-NessusSSH_1.0 > Oct 29 04:02:17 localhost sshd[7733]: Protocol major versions differ for > UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-NessusSSH_1.0 > Oct 29 04:02:17 localhost sshd[7734]: Protocol major versions differ for > UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-NessusSSH_1.0 > Oct 29 04:02:17 localhost sshd[7727]: Invalid user guest from <Scan > Machine IP> > Oct 29 04:02:18 localhost sshd[7410]: Connection closed by <Scan Machine > IP> > Oct 29 04:02:20 localhost sshd[7411]: Excess permission or bad ownership > on file /var/log/btmp > Oct 29 04:02:20 localhost sshd[7412]: input_userauth_request: invalid > user n3ssus > Oct 29 04:02:20 localhost sshd[7412]: Connection closed by <Scan Machine > IP> > Oct 29 04:02:32 localhost sshd[7735]: Did not receive identification > string from <Scan Machine IP> > Oct 29 04:02:32 localhost sshd[7736]: Did not receive identification > string from <Scan Machine IP> > Oct 29 04:02:37 localhost sshd[7718]: Connection closed by <Scan Machine > IP> > Oct 29 04:02:37 localhost sshd[7723]: Connection closed by <Scan Machine > IP> > Oct 29 04:02:37 localhost sshd[7729]: Connection closed by <Scan Machine > IP> > Oct 29 04:02:37 localhost sshd[7727]: Excess permission or bad ownership > on file /var/log/btmp > Oct 29 04:02:37 localhost sshd[7731]: input_userauth_request: invalid > user guest > Oct 29 04:02:37 localhost sshd[7731]: Connection closed by <Scan Machine > IP> > =================================================== > > This scan machine is a RHEL 5.1 Linux box. I was getting the same > errors on the windows scan machine also. Thanks.. > > Scott > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula > Sent: Tuesday, October 28, 2008 18:12 > To: Nessus > Subject: Re: RHEL 5.2 -> Local Checks Failed > > Brown, Scott CTR -Navair - Siap wrote: >> Good afternoon. I'm in a trail process for Nessus and I ran into a >> slight problem. I have a RHEL 5.2 machine which I'd like to scan. I >> created an account on the machine and gave it adm, root, and ssh >> privileges. In the Default Policy -> Credentials -> SSH Settings I >> put in the SSH user name and password. After running the scan the >> results keep saying Local Checks Failed due to the credentials >> provided for the scan did not allow us to log into the remote host. >> I've ssh'd from another box using the same L : P and it worked fine. >> Am I missing something here? Thanks... > > Hi there, > > When you perform you Nessus scan, are there any SSH error logs on the > host you are scanning? > > Can you SSH from the box that your Nessus scanner is deployed on? > > Have you tried different valid username/passwords? > > Ron Gula > Tenable Network Security > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
