Authentication error when executing GMP commands via gvm-cli: issues with task management

How To
1

Hello, Greenbone community!

I’m encountering an issue when trying to manage tasks via GVM-CLI. After creating an administrator user:

bash

$ sudo gvmd --create-user=super --password=StrongPass123!

I attempt to execute a basic command:

bash

$ gvm-cli --gmp-username super --gmp-password StrongPass123! ssh --xml "<get_version/>"

But I receive an authentication error/incorrect response (it’s important to add the specific error message from your case here).

End goal:
Automate the creation and management of scan tasks via CLI using:

  • Scheduled task creation

  • Automatic import of results

  • Batch management of scan configurations

Questions:

  1. What are the typical causes of authentication errors in GVM-CLI, even with correct credentials?

  2. How to properly format XML requests for task management?

  3. Are there examples of working scripts for:

    • Creating a scan task

    • Exporting results in PDF/HTML

    • Stopping/restarting tasks

Additional information:

  • GVM 26.2.0 (internal revision 262)

  • OS: Kali Linux 2025.1

2

└─$ sudo runuser -u _gvm – gvmd --create-user=super --password=StrongPass1 23!

[sudo] пароль для shaver:
md main:MESSAGE:2025-09-18 08h35.10 utc:1382717: Greenbone Vulnerabili ty Manager version 26.2.0 (DB revision 262)
md manage: INFO:2025-09-18 08h35.10 utc:1382717: Creating user.
User created.

┌──(shaver㉿kali)-[~]
└─$ gvm-cli --gmp-username super --gmp-password StrongPass123! ssh --xml “<get_version/>”

ERROR:gvmtools.cli:SSH Connection failed: Authentication failed.

3

Hello,

and welcome to this community forums.

AFAICT the “ssh” type is only working out of the box on the commercial Greenbone appliances but not on self-build environments like Kali (and there is AFAICT also no documentation available for these advisories).

Currently you probably would need to choose a different connection type like TCP (which is AFAICT also not really supported) or Unix Sockets.

2 Likes
4

@PapoCarlo please read the docs. some working examples

gvm-cli --gmp-username $USERNAME --gmp-password $PASSWORD socket --xml “<get_feeds/>”

This fetch the feed status on local machine using socket and xml parameters.. maybe you can now understand basics.

there is a bit more complex example.

Eero

5

@cfi is right, you can’t use ssh out of the box on Kali. It is required to forward your ssh connection to gvmd on the remote host which requires some additional setup. Currently this setup is not documented but you can take a look at the socat tool.

2 Likes
6

For scripting please take a look at our gvm-tools documentation

For more complicated scripting I highly recommend to use Python based gvm-scripts. We provide a lot of example scripts for that too.

2 Likes
7

@bricks well, in ssh you can run commands like ssh user@host “command”

8

You can of course install gvm-tools in the remote host and call it via ssh. but that’s not what @PapoCarlo wanted to do. he wanted to run gvm-tools on the local host and not the remote one.

1 Like
9

I’m really not sure what they wanted to do or avoid doing, since the description was so unclear. SSH natively supports tunneling, for example using LocalForward for TCP ports, and if you want it to start at boot, something like autossh could be used. Then you just use the TCP port or similar.

ssh(1) - Linux manual page

https://linux.die.net/man/1/autossh

and (edit)

Eero

10

The ssh connection type of gvm-tools is used as default for our appliances. At the appliances we forward the SSH port to the unix socket. This is done by using socat.

Of course you can forward the SSH port to the TLS port of gvmd or use the TLS connection directly. But as stated before we don’t maintain the TLS setup anymore. If it works fine, but if not, you are on your own.

1 Like
11

Yes, you are absolutely right. I want to use gvm-cli to run tasks via cron. To do this, I need to connect and log in to GVM. I have several different interfaces (eth0, eth1, etc.), and I want to scan the same host using different routes. However, the web interface of the scanner does not allow me to select an interface. Please help me!

12

I see and understand! Thank you! I choose the socket. But why can’t I log in as any user? I’ve figured out the syntax and the socket. However, I still can’t log in as the default user or a newly created user.

┌──(shaver㉿kali)-[~]
└─$ gvm-cli --gmp-username shaver --gmp-password 123456 socket --xml “<get_version/>”
ERROR:gvmtools.cli:[Errno 13] Permission denied

┌──(shaver㉿kali)-[~]
└─$ echo ‘<get_task/>’ | sudo socat - /var/run/gvmd/gvmd.sock
<gmp_response status=“400” status_text=“Only command GET_VERSION is allowed before AUTHENTICATE”/>
┌──(shaver㉿kali)-[~]
└─$ echo ‘’ | sudo socat - /var/run/gvmd/gvmd.sock
<authenticate_response status=“400” status_text=“Authentication failed”/>
┌──(shaver㉿kali)-[~]
└─$ echo ‘’ | sudo socat - /var/run/gvmd/gvmd.sock
<authenticate_response status=“400” status_text=“Authentication failed”/>
┌──(shaver㉿kali)-[~]
└─$ echo ‘’ | sudo socat - /var/run/gvmd/gvmd.sock
<authenticate_response status=“400” status_text=“Authentication failed”/>

13

@PapoCarlo

If I remember correctly, in Kali Linux by default only the _gvm user has permission to access the gvmd socket.

This has nothing to do with Greenbone users; the issue is that the OS-level user lacks access to the socket.

Eero

14

@PapoCarlo This has nothing to do with the GUI, but with routing; you need to configure the routing to another interface or dynamically modify it, or something similar.

Eero

15

@PapoCarlo Socat is used to forward the socket. The tool still used to connect to the forwarded socket is gvm-cli.

Eero

16

that was the problem, thank you!

17

This topic was automatically closed after 90 days. New replies are no longer allowed.