Configure Nessus for SSH Host-Based Checks
If you have not already done so, secure copy the private and public key files to the system that you will use to access the Nessus scanner.
Nessus Web Interface Steps
In the Scan Credential Settings section, select SSH.
- If an SSH known_hosts file is available and provided as part of the scan policy in the known_hosts file box, Nessus will only attempt to log in to hosts in this file. This can ensure that the same username and password you are using to audit your known SSH servers are not used to attempt a login to a system that may not be under your control.
- In the Username box, enter the name of the account that is dedicated to Nessus on each of the scan target systems.
- If you are using a password for SSH, enter it in the Password box.
- In the Private Key box, locate the private key file on your local system.
- If you are using a passphrase for the SSH key (optional), enter it in the Private key passphrase box.
- Nessus and SecurityCenter users can additionally use “su” or “sudo” in the Elevate privileges with box and a separate password.
The most effective credentialed scans are those in which the supplied credentials have “root” privileges. Since many sites do not permit a remote login as root, Nessus users can invoke “su” or “sudo” with a separate password for an account that has been set up to have “su” or “sudo” privileges.
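A pre-scan check for the known_hosts behaviour described above, as an added example that is not part of the Nessus documentation: it lists the scan targets that do not appear in an OpenSSH-format known_hosts file and so would not receive a login attempt. The function names, host names and key placeholders are constructed for illustration; negated (`!`) patterns are not handled, and how Nessus itself matches entries (hashed ones, for example) is an assumption to verify against your version.

```python
import base64, fnmatch, hashlib, hmac

def _matches(pattern, host):
    """True if one entry from a known_hosts host field covers `host`."""
    if pattern.startswith("|1|"):              # hashed entry: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    if pattern.startswith("[") and "]:" in pattern:   # [host]:port form for non-default ports
        pattern = pattern[1:pattern.index("]:")]
    return fnmatch.fnmatchcase(host, pattern)  # plain name, or one using * and ? wildcards

def uncovered_targets(known_hosts_text, targets):
    """Return the targets that no line of the known_hosts text covers."""
    patterns = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                           # blank line or comment
        if fields[0].startswith("@"):          # marker: @revoked or @cert-authority
            if fields[0] == "@revoked" or len(fields) < 2:
                continue                       # a revoked key does not vouch for a host
            fields = fields[1:]
        patterns.extend(fields[0].split(","))  # host field is a comma-separated list
    return [t for t in targets if not any(_matches(p, t.lower()) for p in patterns)]

def _hashed(host, salt=b"constructed-salt-000"):
    """Build a hashed host field for the constructed sample below."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample input: not real hosts, keys replaced by placeholders.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "web01.example.internal,192.0.2.10 ssh-ed25519 AAAA-PLACEHOLDER",
    "[db01.example.internal]:2222 ssh-ed25519 AAAA-PLACEHOLDER",
    _hashed("192.0.2.30") + " ssh-ed25519 AAAA-PLACEHOLDER",
    "@revoked old01.example.internal ssh-rsa AAAA-PLACEHOLDER",
])
SAMPLE_TARGETS = ["web01.example.internal", "192.0.2.10", "db01.example.internal",
                  "192.0.2.30", "old01.example.internal", "192.0.2.99"]

if __name__ == "__main__":
    for host in uncovered_targets(SAMPLE_KNOWN_HOSTS, SAMPLE_TARGETS):
        print("not in known_hosts:", host)
```

Run it against the target list of a scan before supplying the file in the known_hosts file box, so that hosts left out by mistake are found before the scan rather than as missing credentialed results afterwards.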