Open FrankSpierings opened 6 years ago
Thanks for the report. It looks like we should be checking for Lua errors thrown by libssh2 functions, so I'll add that in. Then we will be able to just treat this as a failed connection without cluttering the debug output with errors.
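The approach described in the comment above (catch the Lua error raised by a libssh2 function and treat it as a failed connection), as an added example that is not part of the thread and not Nmap's own code. The `libssh2` table here is a constructed stand-in so the snippet runs outside Nmap; `try_session_open`, `action` and the addresses are hypothetical.

```lua
-- Constructed stand-in for NSE's C-backed libssh2 module, so this runs with a
-- plain Lua 5.3 interpreter. It raises the error string seen in the traceback.
local libssh2 = {}
function libssh2.session_open(host, port)
  if host == "203.0.113.10" then -- constructed host that never completes the handshake
    error("Unable to complete libssh2 handshake.")
  end
  return { host = host, port = port } -- fake session handle
end

-- Hypothetical helper: call session_open under pcall so a raised error becomes
-- an ordinary (nil, message) return instead of aborting the calling script.
local function try_session_open(host, port)
  local ok, result = pcall(libssh2.session_open, host, port)
  if ok then
    return result
  end
  -- error() prepends "file:line: " to string messages; drop it for a clean log line.
  local msg = tostring(result):gsub("^.-:%d+: ", "")
  return nil, msg
end

-- Hypothetical script body: a failed handshake is logged once and the script
-- returns nil, which NSE treats as "no output" rather than a script error.
local function action(host, port)
  local session, err = try_session_open(host, port)
  if not session then
    -- Inside Nmap this line would go through stdnse.debug1 instead of stderr.
    io.stderr:write(("ssh connect to %s:%d failed: %s\n"):format(host, port, err))
    return nil
  end
  return "session established"
end

print(action("203.0.113.10", 22)) -- handshake fails: one stderr line, prints nil
print(action("198.51.100.7", 22)) -- handshake succeeds: prints "session established"
```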
That would help me out quite a bit!
I receive this error even on version 7.80:
NSE: Starting ssh-auth-methods against #.#.#.#:22.
NSE: ssh-auth-methods against #.#.#.#:22 threw an error!
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
[C]: in function 'libssh2.session_open'
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
/usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
(...tail calls...)
Version info:
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1d nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
I also got this error on Ubuntu 22.04 LTS, nmap 7.80. This nmap was installed with the "apt" command. Is there any workaround for this?
normal log
$ nmap localhost -p22 --script=ssh-auth-methods.nse
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-19 05:04 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000069s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
22/tcp open ssh
|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
debug log
$ nmap localhost -p22 --script=ssh-auth-methods.nse -d
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-19 05:03 JST
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 05:03
Completed NSE at 05:03, 0.00s elapsed
Initiating Ping Scan at 05:03
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 05:03, 0.00s elapsed (1 total hosts)
Overall sending rates: 18018.02 packets / s.
mass_rdns: Using DNS server 127.0.0.53
Initiating Connect Scan at 05:03
Scanning localhost (127.0.0.1) [1 port]
Discovered open port 22/tcp on 127.0.0.1
Completed Connect Scan at 05:03, 0.00s elapsed (1 total ports)
Overall sending rates: 21276.60 packets / s.
NSE: Script scanning 127.0.0.1.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 05:03
NSE: Starting ssh-auth-methods against localhost (127.0.0.1:22).
NSE: ssh-auth-methods against localhost (127.0.0.1:22) threw an error!
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
[C]: in function 'libssh2.session_open'
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
/usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
(...tail calls...)
Completed NSE at 05:03, 0.01s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up, received syn-ack (0.000073s latency).
Other addresses for localhost (not scanned): ::1
Scanned at 2023-01-19 05:03:21 JST for 0s
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
Final times for host: srtt: 73 rttvar: 3763 to: 100000
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 05:03
Completed NSE at 05:03, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
Same here: ssh-auth-methods: ERROR: Script execution failed (use -d to debug) nmap
$ nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.0 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
$ uname -a
Linux REDACTED 5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
On my system I installed nmap via Ubuntu's APT, and I get the above errors. However, if I clone the repo on the same machine and ./configure / make, then try the same scan, the ssh-auth-method script works without error.
No such luck for me :(. I get the same error with the APT package and a local build...
# /usr/local/bin/nmap --version
Nmap version 7.94 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.4 openssl-1.1.1 libssh2-1.8.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.10.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
and
# uname -a
Linux REDACTED 4.15.0-163-generic #171-Ubuntu SMP Fri Nov 5 11:55:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
and
NSE: ssh-auth-methods against REDACTED threw an error!
/usr/local/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
[C]: in function 'libssh2.session_open'
/usr/local/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
/usr/local/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/local/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
(...tail calls...)
Completed NSE at 13:21, 0.04s elapsed
Same error on a Raspberry Pi 4 with Ubuntu 22.04.
rpi4:~$ nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: aarch64-unknown-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.2 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
rpi4:~$ uname -a
Linux rpi4 5.15.0-1055-raspi #58-Ubuntu SMP PREEMPT Sat May 4 03:52:40 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
rpi4:~$ dpkg -l | grep libssh
ii libssh-4:arm64 0.9.6-2ubuntu0.22.04.3 arm64 tiny C SSH library (OpenSSL flavor)
ii libssh-gcrypt-4:arm64 0.9.6-2ubuntu0.22.04.3 arm64 tiny C SSH library (gcrypt flavor)
ii libssh2-1:arm64 1.10.0-3 arm64 SSH2 client-side library
Same error as the user above
rpi4:~$ nmap localhost -p22 --script=ssh-auth-methods.nse
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-03 10:01 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00048s latency).
PORT STATE SERVICE
22/tcp open ssh
|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
Nmap done: 1 IP address (1 host up) scanned in 0.77 seconds
rpi4:~$ nmap localhost -p22 --script=ssh-auth-methods.nse -d
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-03 10:01 CEST
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Initiating Ping Scan at 10:01
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 10:01, 0.00s elapsed (1 total hosts)
Overall sending rates: 2375.30 packets / s.
mass_rdns: Using DNS server 127.0.0.53
Initiating Connect Scan at 10:01
Scanning localhost (127.0.0.1) [1 port]
Discovered open port 22/tcp on 127.0.0.1
Completed Connect Scan at 10:01, 0.00s elapsed (1 total ports)
Overall sending rates: 1663.89 packets / s.
NSE: Script scanning 127.0.0.1.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:01
NSE: Starting ssh-auth-methods against localhost (127.0.0.1:22).
NSE: ssh-auth-methods against localhost (127.0.0.1:22) threw an error!
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
[C]: in function 'libssh2.session_open'
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
/usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
(...tail calls...)
Completed NSE at 10:01, 0.04s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up, received syn-ack (0.00051s latency).
Scanned at 2024-07-03 10:01:50 CEST for 0s
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
Final times for host: srtt: 510 rttvar: 3811 to: 100000
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.78 seconds
I receive the following error (ip removed):
This occurs when an SSH connection cannot actually be made. "The SYN cookies are a lie". They make nmap think the port is open.