Re: [Open-scap] SCAP workbench on Windows 7
Hi, Could someone help in setting up public-private key for SCAP-workbench on Windows 7 to be able to perform remote scan. Thanks, Sachin On Thu, 1/11/18, Sachin Vyas wrote: Subject: Re: [Open-scap] SCAP workbench on Windows 7 To: open-scap-list@redhat.com, "Watson Yuuma Sato" Date: Thursday, January 11, 2018, 4:23 PM Thank you for the response. SCAP workbench installed under C:\Program Files (x86)\scap-workbench on Windows 7( This is the dir which has ssh binary - ssh.exe ) . As per Martin it is possible to avoid win-ssh-askpass prompt if one has private ssh key setup but I can't make it work so if someone can suggest how to set up ssh public-private key for SCAP workbench on Windows ( Win7 ) I will be thankful. Regards, Sachin On Thu, 1/11/18, Watson Yuuma Sato wrote: Subject: Re: [Open-scap] SCAP workbench on Windows 7 To: open-scap-list@redhat.com Date: Thursday, January 11, 2018, 1:49 PM On 11/01/18 14:40, Watson Yuuma Sato wrote: > > But if you are going to setup a remote Linux machine, it might be > easier to just use CLI oscap-ssh, > which is what SCAP Workbench relies on. > Sorry, SCAP Workbench does not rely on oscap-ssh. But you still can use it if on remote Linus machine. ;) -- Watson Sato Security Technologies | Red Hat, Inc ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] SCAP workbench on Windows 7
Hi, Since facing issue with SCAP workbench on Windows 7, installed SCAP workbench on remote Linux machine and started vnc and then /usr/bin/scap-workbench on it. It shows the GUI and all the options. I select remote scan and provide username and hostname and click scan but get this error (gnome-ssh-askpass:20956): Gtk-WARNING **: cannot open display: :0 Permission denied, please try again. (gnome-ssh-askpass:20957): Gtk-WARNING **: cannot open display: :0 Permission denied, please try again. (gnome-ssh-askpass:20958): Gtk-WARNING **: cannot open display: :0 Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). How can I fix it. Regards,Sachin On Thursday, January 11, 2018 6:14 PM, Sachin Vyas wrote: Hello, Could someone please help how to set up Scap Workbench on Windows 7 to perform remote machine scan using public-private key. I have not been able to resolve the win-ssh-askpass prompt issue. Thanks, Sachin On Wed, 1/10/18, Sachin Vyas wrote: Subject: SCAP workbench on Windows 7 To: open-scap-list@redhat.com Date: Wednesday, January 10, 2018, 11:55 AM Hi, I am trying to use scap-workbench-1.1.5 on Windows 7 to scan a remote RHEL 6 machine and facing issue described in https://martin.preisler.me/2015/03/openscap-and-scap-workbench-on-windows-part-2/ win-ssh-askpass prompts repeatedly for - i) establishing authenticity of host ii) yes/no iii) password for username used in username@hostname in dialog box. Could someone tell me what input is expected for i) and ii) and how to avoid repeated prompt from win-ssh-askpass? Have gone thru' the link above which says we can setup ssh public/private key but not sure how to do it. Specifying -i in username@hostname workbench UI did not help. Goal is to perform remote scan using SCAP workbench on Windows 7. If SCAP workbench on Windows 7 has issues and won't work, can I deploy SCAP workbench on remote Linux machine (don't have Linux workstation ) and start vnc session for GUI and then do remote scan if it would work. Appreciate any input. Thanks, Sachin ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] SCAP workbench on Windows 7
On 01/17/2018 03:20 PM, Sachin Vyas wrote: Since facing issue with SCAP workbench on Windows 7, installed SCAP workbench on remote Linux machine and started vnc and then /usr/bin/scap-workbench on it. It shows the GUI and all the options. I select remote scan and provide username and hostname and click scan but get this error (gnome-ssh-askpass:20956): Gtk-WARNING **: cannot open display: :0 Permission denied, please try again. (gnome-ssh-askpass:20957): Gtk-WARNING **: cannot open display: :0 Permission denied, please try again. (gnome-ssh-askpass:20958): Gtk-WARNING **: cannot open display: :0 Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). So you're saying that you VNC to the Linux box, log in as some Linux user, run scap-workbench (still on that remote Linux box). Then you run a remote scan against a third box? Try running the whole thing from the physical console of your new LInux box---I wonder if there's some confusion with passing along X from the third box to the second one and back to your desktop. ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] SCAP workbench on Windows 7
On 01/17/2018 10:11 PM, Przemek Klosowski wrote: On 01/17/2018 03:20 PM, Sachin Vyas wrote: Since facing issue with SCAP workbench on Windows 7, installed SCAP workbench on remote Linux machine and started vnc and then /usr/bin/scap-workbench on it. It shows the GUI and all the options. I select remote scan and provide username and hostname and click scan but get this error (gnome-ssh-askpass:20956): Gtk-WARNING **: cannot open display: :0 Permission denied, please try again. (gnome-ssh-askpass:20957): Gtk-WARNING **: cannot open display: :0 Permission denied, please try again. (gnome-ssh-askpass:20958): Gtk-WARNING **: cannot open display: :0 Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). So you're saying that you VNC to the Linux box, log in as some Linux user, run scap-workbench (still on that remote Linux box). Then you run a remote scan against a third box? Try running the whole thing from the physical console of your new LInux box---I wonder if there's some confusion with passing along X from the third box to the second one and back to your desktop. ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list Hello, this is known bug https://bugzilla.redhat.com/show_bug.cgi?id=1464615 I am sorry Sachin that SCAP Workbench shows so many problems within your usecase. Can you try some of these tips: https://stackoverflow.com/questions/18642331/start-vncserver-on-0-instead-of-1 Hope it helps, Marek ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list