TOC & Recently Viewed

Recently Viewed Topics

Configure Nessus for SSH Host-Based Checks

If you have not already done so, secure copy the private and public key files to the system that you will use to access the Nessus scanner.

Nessus Web Interface Steps

In the Scan Credential Settings section, select SSH.

  • If an SSH known_hosts file is available and provided as part of the scan policy in the known_hosts file box, Nessus will only attempt to log into hosts in this file. This can ensure that the same username and password you are using to audit your known SSH servers is not used to attempt a login to a system that may not be under your control.
  • In the Username box, enter the name of the account that is dedicated to Nessus on each of the scan target systems.
  • If you are using a password for SSH, enter it in the Password box.
  • In the Private Key box, locate the private key file on your local system.
  • If you are using a passphrase for the SSH key (optional), enter it in the Private key passphrase box.
  • Nessus and SecurityCenter users can additionally use “su” or “sudo” in the Elevate privileges with box and a separate password.

The most effective credentialed scans are those when the supplied credentials have “root” privileges. Since many sites do not permit a remote login as root, Nessus users can invoke “su” or “sudo” with a separate password for an account that has been set up to have “su” or “sudo” privileges.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.