Hi there,
I’m really new with Greenbone. I’m trying to connect with the gvm-tools from another linux server to automate some reports. I can not find any documentation about possibilities to add a second ssh user for the GOS and didn’t want to use the admin account. Is there any option to create an extra ssh user on GOS? Or is there another option to use a webinterface user?
Kind regards
Alicia
Hello Alicia, welcome to the Greenbone Community!
As gvm-tools uses the GMP API, you have to create a Web/GMP user, see this section of our manual. The GOS administrator account cannot be used for this purpose, for more information see our authorization concept.
Please note that if you are using our free GSM TRIAL appliance, the GMP API and any related settings will not be available.
Thank you Martin,
we are using the paid version of GSM appliance.
If I understand the documentation the right way, I have to use a GMP/Web user and a ssh user to build the connection using ssh. At the moment I’m testing it with my personal Web user which has the role of an admin but I’m struggling with the ssh connection to the romete GOS appliance.
I’m trying this simple command:
gvm-cli ssh --hostname 172.22.248.40 --xml "<get_version/>"
with someting like this is my .config/gvm-tools.config
[gmp]
username=<my_user>
password=<my_password>
[ssh]
username=admin
password=<admin_password>
port=22
But there are two problems:
It didn’t work. Getting some output like:
Remote closed the connection
For production I would preferre to have an option for another ssh user, so I don’t need to make the password available in a file.
Kind regards,
Alicia
PS.: Additional DEBUG log:
DEBUG:paramiko.transport:starting thread (client mode): 0x82abda58
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.7.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-Greenbone_7.9p2gb Greenbone OS 20.08
INFO:paramiko.transport:Connected (version 2.0, client Greenbone_7.9p2gb)
DEBUG:paramiko.transport:kex algos:['curve25519-sha256', 'curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group14-sha256', 'diffie-hellman-group14-sha1'] server key:['ssh-rsa', 'ssh-ed25519'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-512', 'hmac-sha2-256'] server mac:['hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-512', 'hmac-sha2-256'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey agreed: ssh-ed25519
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-ed25519 host key for 172.x.x.x: b'1f9caf415a5ecfab8a992dfe87300a35'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:Received global request "hostkeys-00@openssh.com"
DEBUG:paramiko.transport:Rejecting "hostkeys-00@openssh.com" global request from server.
DEBUG:paramiko.transport:[chan 0] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:paramiko.transport:[chan 0] EOF received (0)
DEBUG:paramiko.transport:[chan 0] EOF sent (0)
DEBUG:paramiko.transport:Dropping user packet because connection is dead.It is neither possible nor necessary to specify a SSH user when using GMP in combination with our appliances. A special, pre-configured, and secured account is used for this purpose.
Please remove the [ssh] section of your config file, and try connecting again. Please also make sure that the GMP service is enabled in GOS.
Thanks Martin,
yes without the [ssh] section it’s working.
