rapid7 / nexpose-client

DEPRECATED: Rapid7 Nexpose API client library written in Ruby
https://www.rapid7.com/
BSD 3-Clause "New" or "Revised" License

Unknown SSH Handshake error #308

Closed yahanvesh closed 6 years ago

yahanvesh commented 6 years ago

Expected Behavior

When creating a custom SiteCredentials object and launching a scan, the credentials are supposed to work. But it only works if you manually input the credentials and save the site and scan.

Current Behavior

Nexpose SSH Version:    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Target machine ssh version:    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

I'm copying a site, emptying the old site credentials object and creating a custom site credentials object as below, but on launching the scan I keep getting a credentials failure error.

require 'nexpose'
include Nexpose

# @nsc is an already logged-in Nexpose::Connection.
site = Site.copy(@nsc, 3333)
site.name = 'Site1212'
site.included_addresses = []  # Clear out existing addresses and host names from configuration.
site.included_asset_groups = []  # Clear out existing asset groups from configuration.
site.site_credentials = []  # Clear out existing site credentials.
site.include_asset('10.4.2.2')  # Host name or IP address is determined automatically; it must be passed as a string.

# Build a site-scoped SSH credential with sudo+su elevation.
cred = SiteCredentials.new
cred.name = 'SSHEntry'
cred.service = 'ssh'
cred.user_name = 'root'
cred.password = 'xxxxxx'
cred.permission_elevation_type = Credential::ElevationType::SUDOSU
cred.permission_elevation_user = 'root'
cred.permission_elevation_password = 'xxxxxxx'
cred.scope = 'S'
cred.enabled = 'true'
site.site_credentials << cred
site.save(@nsc)

Error in the scan logs:

Duration: 0:00:00.004] pfsense-ssh-default-admin (pfsense-ssh-default-admin-login) - ERROR -

java.lang.RuntimeException: com.rapid7.net.NetException: Unknown SSH handshake: ""
    at com.rapid7.net.ssh.SSHClient.getRemoteVersionInfo(Unknown Source)
    at com.rapid7.net.ssh.SSHClient.getVendorVersion(Unknown Source)
    at com.rapid7.net.ssh.SSHAuthenticator.authenticate(Unknown Source)
    at com.rapid7.net.ssh.SSHAuthenticator.authenticateCredentials(Unknown Source)
    at com.rapid7.handlers.plugin.vulnck.DefaultAccountCheckHandler.handle(DefaultAccountCheckHandler.java:100)
    at com.rapid7.handlers.plugin.BaseCheckContext.invokeTest(BaseCheckContext.java:218)
    at com.rapid7.handlers.plugin.BaseCheckContext.invokeTimedTest(BaseCheckContext.java:168)
    at com.rapid7.handlers.context.VulnerabilityCheckContext.performTests(VulnerabilityCheckContext.java:242)
    at sun.reflect.GeneratedMethodAccessor1462.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.rapid7.thread.ThreadedCall.invokeCall(Unknown Source)
    at com.rapid7.thread.ThreadedCall.execute(Unknown Source)
    at com.rapid7.thread.ThreadedCallRunner.executeCall(Unknown Source)
    at com.rapid7.thread.ThreadedCallRunner.run(Unknown Source)
Caused by: com.rapid7.net.NetException: Unknown SSH handshake: ""
    ... 15 more

Your Environment

gschneider-r7 commented 6 years ago

The error text you have there seems unrelated to your credential use as it is from a "Default Account Check". Relevant error messages would be along the lines of "administrative credentials failed to validate" or similar.

I'll have to look into this some more to see what is wrong because I know this functionality should work and we have automated test coverage using it that runs nightly. It's likely to be some minor misuse or missing option.

yahanvesh commented 6 years ago

Yes, I get the logs you mentioned as well.

2017-12-04T17:55:16 [INFO] [Thread: ssh-do-service-admin-connect@app1602.auto.xxxxxx.com:22] [Site: Testcred5] Attempting SSH connection with administrative credentials...
2017-12-04T17:55:16 [INFO] [Thread: ssh-do-service-admin-connect@app1602.auto.xxxxx.com:22] [Site: Testcred5] A set of SSH administrative credentials have failed verification.
2017-12-04T17:55:16 [INFO] [Thread: ssh-do-service-admin-connect@app1602.auto.xxxxxxx.com:22] [Site: Testcred5] [app1602.xxxxxx.com:22/tcp] Logging administrative credential status SUPPLIED_FAILED for service SSH.
2017-12-04T17:55:16 [INFO] [Thread: ssh-do-service-admin-connect@app1602.auto.xxxxxx.com:22] [Site: Testcred5] [Status: Complete] [Duration: 0:00:00.003]

I get the same issue using SharedCredentials as well, but on an ad hoc basis, say it's successful 1 out of 5 times, so that made it even more puzzling as to why it worked the 1 time it did.

Do you have sample code with a SiteCredentials setup? What about the CredentialManagement option when done through code?

Also, I tried to SSH to the target box manually from the Nexpose server and don't have any issues there; it works every time. I also tried Test Credential in the UI; it works there too on an ad hoc basis, say 1 out of 5 times.

yahanvesh commented 6 years ago

@gschneider-r7 did you get a chance to look at my updated comments? Thanks

gschneider-r7 commented 6 years ago

Sorry I haven't had a chance to follow up on this. Since you are seeing similar behavior in the UI you may want to open a support case as that indicates the problem would not be with the gem. That's very unusual to not have consistent success or failure with SSH credentials.

gschneider-r7 commented 6 years ago

Closing this issue as it seems to be unrelated to the gem.
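
Added example, not part of the thread or of the nexpose-client gem: the `Unknown SSH handshake: ""` exception in the first post is raised while reading the remote version, which suggests (an assumption, not confirmed in the thread) that the engine received no SSH identification string on that connection. The Ruby script below, meant to be run from the scan engine host against the target, reads the identification string several times and tallies the outcomes so an intermittent empty banner becomes visible; all function names and the regex are this example's own.

```ruby
require 'socket'
require 'timeout'

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
SSH_IDENT = /\ASSH-(?<proto>[^-\s]+)-(?<software>\S+)(?: (?<comments>.*))?\z/

# Classify one line read from the server: :ok, :empty or :not_ssh.
def classify_banner(line)
  text = line.to_s.chomp
  return { status: :empty } if text.empty?
  m = SSH_IDENT.match(text)
  return { status: :not_ssh, raw: text } unless m
  { status: :ok, proto: m[:proto], software: m[:software] }
end

# Return the first line starting with "SSH-" from any IO-like object.
# A server may send other lines first (RFC 4253), so those are skipped.
# Returns '' when the peer closes without sending an identification string.
def first_ident_line(io)
  while (line = io.gets)
    return line if line.start_with?('SSH-')
  end
  ''
end

# Connect once and read the identification string, bounded by `timeout` seconds.
def read_banner(host, port, timeout)
  Socket.tcp(host, port, connect_timeout: timeout) do |sock|
    Timeout.timeout(timeout) { first_ident_line(sock) }
  end
end

# Probe the same target several times and tally the outcomes, so an
# intermittent empty banner shows up as a mix of :ok and :empty/:error.
def probe(host, port: 22, attempts: 5, timeout: 5)
  tally = Hash.new(0)
  attempts.times do
    status = begin
      classify_banner(read_banner(host, port, timeout))[:status]
    rescue Timeout::Error, SystemCallError, SocketError
      :error # refused, unreachable, reset, or no data before the timeout
    end
    tally[status] += 1
  end
  tally
end

# Usage: ruby ssh_banner_probe.rb HOST [PORT]  (run from the scan engine host)
p probe(ARGV[0], port: (ARGV[1] || 22).to_i) if __FILE__ == $PROGRAM_NAME && ARGV[0]
```

A tally that mixes `:ok` with `:empty` or `:error` points at the network path or the target's sshd rather than at the credential configuration.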