Gvm-cli over gmp or ssh confusing

thomas.will · September 14, 2020, 5:03pm

I installed to version of gvm …

self compiled
gvm packages from kali linux

and i want to access from remote over gvm-cli

First question?

Is gmp depricated? I tried to start gsad with the option --mport 9390, but the port didn’t open.
so im not able to connect over gmp. the socket works, but only local.

Second Question
What i have to do, that I can access over ssh?

When I try to access …
*gvm-cli ssh --hostname scanner --xml="<get_tasks/>"
I get
*Remote closed the connection
my gvm-tools.conf looks like

cat gvm-tools.conf
[ssh]
username=thomas
password=very-secure
port=22

On the Host i see with tcpdump

19:01:39.048066 IP 127.0.0.1.55480 > 127.0.0.1.9050: Flags [S],
19:01:39.048074 IP 127.0.0.1.9050 > 127.0.0.1.55480: Flags [R.],
19:01:39.048348 IP 127.0.0.1.35014 > 127.0.0.1.9150: Flags [S],
19:01:39.048356 IP 127.0.0.1.9150 > 127.0.0.1.35014: Flags [R.],

i would appreciate for help

thomas.will · September 15, 2020, 6:04am

my main problem is, understand how the remote access work. When i access over ssh, is it nessarary to create a posix login with the same account data, as in the greenbone webinterface?

How work the access - ssh and local over the socket? or over gmp port 9390?

bricks · September 15, 2020, 3:55pm

GMP is not deprecated. Where did you get this statement from?

GMP is not based on HTTP therefore is isn’t provided by our web server gsad. It is the protocol provided by gvmd.

SSH access is only available out of the box by our GSM products. Only local unix domain socket connections are supported by default. Using TLS or SSH needs some additional setup.

thomas.will · September 17, 2020, 11:34am

Thank you Bricks … How? Is there a Documention?

gsad has the an option --mport= … the man pages says that this is the option to open the manager port, but it has no effect …

gvmd -p 9150 -a 127.0.0.1 … I think this is the right direction …

thanks …

bricks · September 17, 2020, 1:07pm

Actually it is

-m, --mport=<number>                   Use manager port number <number>.

which means connect to the manager daemon which listens on port <number>

thomas.will · September 17, 2020, 3:56pm

thank you for the enlightment

Server
gvmd -p 9390 -a 0.0.0.0
Client
gsad --mport=9390 --mlisten 127.0.0.1

so tls connection works over network

gvm-cli tls --hostname scanner --xml="<get_tasks/>"

… next step is ssh