Configuration Requirements for SSH

Nessus supports the blowfish-cbc, aesXXX-cbc (aes128, aes192 and aes256), 3des-cbc and aes-ctr algorithms.

Some commercial variants of SSH do not have support for the blowfish cipher, possibly for export reasons. It is also possible to configure an SSH server to only accept certain types of encryption. Check that your SSH server supports the correct algorithm.

User Privileges

For maximum effectiveness, the SSH user must have the ability to run any command on the system. On Linux systems, this is known as root privileges. While it is possible to run some checks (such as patch levels) with non-privileged access, full compliance checks that audit system configuration and file permissions require root access. For this reason, it is strongly recommended that SSH keys be used instead of credentials when possible.

Configuration Requirements for Kerberos

If Kerberos is used, sshd must be configured with Kerberos support to verify the ticket with the KDC. Reverse DNS lookups must be properly configured for this to work. The Kerberos interaction method must be gssapi-with-mic.
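
A check for the cipher and Kerberos requirements above, as an added example that is not part of the original documentation: it reads effective server settings in the format printed by `sshd -T` and reports which of the listed ciphers the server offers and whether GSSAPI authentication is enabled. It assumes an OpenSSH server and that "aes-ctr" means aes128-ctr, aes192-ctr and aes256-ctr; the function names are illustrative and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Input: text in `sshd -T` format,
# i.e. one lowercase keyword followed by its value per line.

# Ciphers the page lists. Assumption: "aes-ctr" = aes128/192/256-ctr.
NESSUS_CIPHERS="blowfish-cbc aes128-cbc aes192-cbc aes256-cbc 3des-cbc aes128-ctr aes192-ctr aes256-ctr"

# Print the server's ciphers that are also in NESSUS_CIPHERS (space-separated).
common_ciphers() {
    offered=$(printf '%s\n' "$1" | awk '$1 == "ciphers" { print $2 }' | tr ',' ' ')
    out=""
    for c in $offered; do
        for n in $NESSUS_CIPHERS; do
            if [ "$c" = "$n" ]; then out="${out:+$out }$c"; fi
        done
    done
    printf '%s' "$out"
}

# Return 0 when GSSAPIAuthentication is on. In OpenSSH this option is what
# enables the gssapi-with-mic method the page requires for Kerberos.
gssapi_enabled() {
    v=$(printf '%s\n' "$1" | awk '$1 == "gssapiauthentication" { print $2 }')
    [ "$v" = "yes" ]
}

# Report both requirements; fail only when no cipher is shared.
check_sshd() {
    common=$(common_ciphers "$1")
    if [ -z "$common" ]; then
        echo "FAIL: server offers none of the supported ciphers"; rc=1
    else
        echo "OK: usable ciphers: $common"; rc=0
    fi
    if gssapi_enabled "$1"; then echo "OK: gssapi-with-mic available"
    else echo "NOTE: GSSAPI off (matters only for Kerberos scans)"; fi
    return $rc
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OK='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
gssapiauthentication yes'
SAMPLE_BAD='ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com
gssapiauthentication no'

check_sshd "$SAMPLE_OK"
check_sshd "$SAMPLE_BAD" || true
```

On a real host, pass the live configuration instead of the samples: `check_sshd "$(sshd -T)"`, run as root.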