OSP - Sensor as second scanner

I might need help to connect scanner to my main scanner machine.
Setup is :
Both machines uses :
latest Kali linux
Linux AAAAA 5.15.0-kali2-amd64 #1 SMP Debian 5.15.5-2kali2 (2021-12-22) x86_64 GNU/Linux
Linux BBBBB 5.15.0-kali2-amd64 #1 SMP Debian 5.15.5-2kali2 (2021-12-22) x86_64 GNU/Linux

Greenbone Security Assistant 21.4.3
Greenbone Vulnerability Manager 21.4.4
OpenVAS 21.4.3
gvm-libs 21.4.3

telnet BBBBB 9390
Connected to .
Escape character is ‘^]’.

Both passes the gvm-manage-certs -V “OK: Your GVM certificate infrastructure passed validation”

They are installed separately, not cloned.
Main machine is AAAAA.
On AAAAA i’m creating credentials from configuration → credentials .I use clientcer.pem and clientkey.pem from BBBBB.
I continue with adding a scanner on AAAAA, that live on BBBBB, from web interface AAAAA:9392. I use cacert.pem from BBBBB .
As standard, Scanner is created as type OSP Scanner.

From console on AAAAA i change type of scanner with

sudo -H -u _gvm gvmd --modify-scanner=f9e69bd5-d9e1-4c8c-9773-f7d6a672fdd9 --scanner-type=OSP-Sensor --scanner-host=BBBBB --scanner-key-pub=/var/lib/gvm/BBBBB/clientcert.pem --scanner-key-priv=/var/lib/gvm/BBBBB/clientkey.pem --scanner-ca-pub=/var/lib/gvm/BBBBB/cacert.pem --scanner-port=9390

Now in web interface AAAAA:9392 scanner changes type to ‘Greenbone Sensor’ .I Think this is OK.
When i try to ''verify" scanner from AAAA’s web i’ve got "Service unavailable:
Log from AAAAA/gvm/gvmd.log/

libgvm osp:WARNING:2022-01-17 14h56.54 UTC:378023: Erroneous OSP <get_version/> response.

Log from BBBBB/gvm/gvmd.log

md main:WARNING:2022-01-17 14h56.54 utc:4639: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

When i try to verify from console on AAAAA with

sudo -H -u _gvm gvmd --verify-scanner=f9e69bd5-d9e1-4c8c-9773-f7d6a672fdd9 -v

it returns this

free(): invalid pointer

Log from BBBBB is same -

failed to read from client: The TLS connection was non-properly terminated.

Certs and key files are owned by _gvm.
I also added cacert.pem as trusted in my system on AAAAA.
I’ve tested it with gnutls-cli. -

Status: The certificate is trusted.

What im doing wrong ?
Sorry if topic is not in the right place.

Hi @AyyJYH and welcome to the forum :slight_smile:

It might help us to try to figure it out if we knew what you are trying to achieve and more about your usage scenario. If I understand correctly, you are using two machines and two instances but mixing credentials and keys?

1 Like

Hello, 10x for reply .
Yes, I’m trying to add external scanner to my main machine.

1 Like

This documentation looks older and not everything could apply, but if you haven’t seen this yet, try looking here to see if there are any hints: 18. Connecting the Greenbone Security Manager to Other Systems — Greenbone Security Manager (GSM) 5 documentation

I just want to add external scanner.
"The open format allows developing custom OSP scanners. Greenbone Networks provides the protocol documentation at https://docs.greenbone.net/API/OSP/osp-1.1.html."
And link doesnt work.

Sorry about that- here’s more current docs (they didn’t come up in a search so i looked through the manual to find it)


with a working link to the OSP doc here Tech Doc Portal

I haven’t this up myself with an external so I don’t have any hands-on advice, but hopefully someone who has will see the thread and can jump in.

"Connecting additional scanners using OSP
The Open Scanner Protocol (OSP) is a standardized interface for different vulnerability scanners. Arbitrary scanners can be integrated seamlessly into the GSM vulnerability management. Controlling the scanners and handling the results works in the same way for all scanners. "

And that’s it. There is nothing that will help you to understand how to do it.

Can you at least try to do it ?

It’s something I plan to do, but do not have the opportunity right now. In the meantime if I find anything about the errors you’re seeing, I will let you know.


I have a running AAAA with gsa,gvm and ospd-openvas…
At my BBBB there is no longer a gvm (support for gvm2gvm was removed) - so only ospd-openvas….

The scanner object for BBBB has type “OpenVAS Scanner” - I was unsuccesful with OSPscanner.
A verify is successful.

1 Like

Thanks for reply.
ATM it works as you said, only ospd-openvas .


sorry forgot my env:

gsad: 21.4.3
gvmd: 21.4.3
openvas-scanner: 21.4.4~dev1
gvm-libs: 21.4.4~dev1


Operating system: gentoo
Kernel: 5.4.168
Installation method / source: gentoo ebuild from git

A post was split to a new topic: CVEs and CPEs with score = 0, log and N/A