OpenVAS SSH Connection Error

MAXBA · June 7, 2024, 3:45am

Hi everyone,

I need your help, i compile a community edition of Greenbone and i stuck in error with one thing.

When i try start a audit scan with ssh credentials either with passwords or ssh keys, i have this problem (i try too with docker compose from the original guide):

`Jun  7 00:28:08 kibana sshd[319992]: Accepted password for {PRIVACY} from {PRIVACY} port 47408 ssh2
Jun  7 00:28:08 kibana sshd[319992]: pam_unix(sshd:session): session opened for user {PRIVACY}(uid=1000) by (uid=0)
Jun  7 00:28:13 kibana sshd[319992]: pam_unix(sshd:session): session closed for user {PRIVACY}
Jun  7 00:33:29 kibana sshd[320063]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:29 kibana sshd[320063]: banner exchange: Connection from {PRIVACY} port 35917: invalid format
Jun  7 00:33:29 kibana sshd[320064]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.0"
Jun  7 00:33:29 kibana sshd[320064]: banner exchange: Connection from {PRIVACY} port 54249: invalid format
Jun  7 00:33:29 kibana sshd[320067]: error: kex_exchange_identification: Connection closed by remote host
Jun  7 00:33:29 kibana sshd[320067]: Connection closed by {PRIVACY} port 33633
Jun  7 00:33:29 kibana sshd[320068]: Accepted password for {PRIVACY} from {PRIVACY} port 33713 ssh2
Jun  7 00:33:29 kibana sshd[320068]: pam_unix(sshd:session): session opened for user {PRIVACY}(uid=1000) by (uid=0)
Jun  7 00:33:29 kibana sshd[320065]: Accepted password for {PRIVACY} from {PRIVACY} port 52304 ssh2
Jun  7 00:33:29 kibana sshd[320065]: pam_unix(sshd:session): session opened for user {PRIVACY}(uid=1000) by (uid=0)
Jun  7 00:33:30 kibana sshd[320145]: Received disconnect from {PRIVACY} port 33713:11: Bye Bye
Jun  7 00:33:30 kibana sshd[320145]: Disconnected from user {PRIVACY} {PRIVACY} port 33713
Jun  7 00:33:30 kibana sshd[320068]: pam_unix(sshd:session): session closed for user {PRIVACY}
Jun  7 00:33:30 kibana sshd[320180]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320180]: banner exchange: Connection from {PRIVACY} port 60559: invalid format
Jun  7 00:33:30 kibana sshd[320181]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320181]: banner exchange: Connection from {PRIVACY} port 58685: invalid format
Jun  7 00:33:30 kibana sshd[320193]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320193]: banner exchange: Connection from {PRIVACY} port 36965: invalid format
Jun  7 00:33:30 kibana sshd[320194]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320194]: banner exchange: Connection from {PRIVACY} port 41435: invalid format
Jun  7 00:33:30 kibana sshd[320195]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320195]: banner exchange: Connection from {PRIVACY} port 54981: invalid format
Jun  7 00:33:30 kibana sshd[320196]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320196]: banner exchange: Connection from {PRIVACY} port 51331: invalid format
Jun  7 00:33:30 kibana sshd[320197]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320197]: banner exchange: Connection from {PRIVACY} port 45373: invalid format
Jun  7 00:33:30 kibana sshd[320198]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320198]: banner exchange: Connection from {PRIVACY} port 35549: invalid format
Jun  7 00:33:30 kibana sshd[320199]: error: kex_exchange_identification: banner line contains invalid characters
Jun  7 00:33:30 kibana sshd[320199]: banner exchange: Connection from {PRIVACY} port 42231: invalid format`

Can you help me?

rippledj · June 7, 2024, 4:33am

From a quick Internet search, this is often associated with using a web-application firewall (WAF) such as CloudFlare. But more generally, it is an error in the SSH server setup.

MAXBA · June 7, 2024, 4:39am

Hi, thanks for a fast response.

Include /etc/ssh/sshd_config.d/*.conf
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

This is my sshd_config in the server, its default config.

MAXBA · June 7, 2024, 4:15pm

When i try this command:

openvas-nasl -Xd -i /var/lib/openvas/plugins/ssh_authorization.nasl -t IP -T foolog -k Secret/SSH/login=Usuario -k Secret/SSH/password=Pass /var/lib/openvas/plugins/ssh_authorization.nasl

The connection is succesfully, when i try a the same test with GSA the result is failed.

MAXBA · June 11, 2024, 12:34am

Hi everyone, i found the error.
When i tried use the elevate privilege user cause that fail.

Because this function is experimental and not working in Ubuntu.