Authenticated scan with special SSH options

Hello, I need to perform an authenticated scan for a legacy system that only supports SHA1 and RSA with a key length of 1024.

I use the latest Greenbone Community Containers in my setup. In the gvmd container, OpenSSH version 9.2 is installed:

root@de02ae653c95:/# ssh -V
OpenSSH_9.2p1 Debian-2+deb12u5, OpenSSL 3.0.15 3 Sep 2024

I added the file /etc/ssh/ssh_config.d/ssh_legacy.conf to the gvmd container in order to specify the SSH options for this connection:

Host 10.0.0.10
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1
    RequiredRSASize 1024

After adding the conf file, I am able to connect via SSH in a bash session to the target system. However, when I trigger the authenticated scan via the web GUI, the SSH login attempt fails.

How can I modify the gvmd container in order to allow an SSH connection using the deprecated SSH algorithms mentioned above?

Thanks in advance!

BR,
Steffen

@hafnerst

It might be sensible to try, for example, an installation without containers — such as packaging for Kali Linux — since it’s more flexible in terms of customization.

Eero

Hello,

and welcome to these community forums. The scanner is not using OpenSSH but the libssh library from https://www.libssh.org/, so a lookup of the relevant documentation of that library might be required to determine the configuration support / options for these algorithms.

Thanks for the link. I’ll check the libssh library.
Do you know which Docker container establishes the SSH connection for the authenticated scan to the target host?

Thanks in advance!