TOC & Recently Viewed

Recently Viewed Topics

Configure Nessus for SSH Host-Based Checks

If you have not already done so, secure copy the private and public key files to the system that you will use to access the Nessus scanner.

Nessus Web Interface Steps

In the Scan Credential Settings section, select SSH.

  • If an SSH known_hosts file is available and provided as part of the scan policy in the known_hosts file box, Nessus will only attempt to log into hosts in this file. This can ensure that the same username and password you are using to audit your known SSH servers is not used to attempt a login to a system that may not be under your control.
  • In the Username box, enter the name of the account that is dedicated to Nessus on each of the scan target systems.
  • If you are using a password for SSH, enter it in the Password box.
  • In the Private Key box, locate the private key file on your local system.
  • If you are using a passphrase for the SSH key (optional), enter it in the Private key passphrase box.
  • Nessus and SecurityCenter users can additionally use “su” or “sudo” in the Elevate privileges with box and a separate password.

The most effective credentialed scans are those when the supplied credentials have “root” privileges. Since many sites do not permit a remote login as root, Nessus users can invoke “su” or “sudo” with a separate password for an account that has been set up to have “su” or “sudo” privileges.

Nessus Linux Command Line

Nessus support for host-based checks is available in Nessus 2.2.0 and later and requires that SSL support be compiled in. Run the “nessusd –d” command to verify that you have the correct version and SSL libraries as follows:

# nessusd -d

This is Nessus 4.0.0. [build T987] for Linux 2.6.18-53.1.6.el5

compiled with gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)

Current setup :

flavor : (undefined)

nasl : 4.0.0

libnessus : 4.0.0

SSL support : enabled

SSL is used for client / server communication

Running as euid : 0

Magic hash: (undefined)#

Using .nessus Files

Nessus has the ability to save configured scan policies, network targets and reports as a .nessus file. The Nessus Web Interface Steps section describes the steps to create a .nessus file that contains SSH credentials.

Using .nessusrc Files

If you are manually creating .nessusrc files, there are several parameters that can be configured to specify SSH authentication. An example of an unpopulated listing is shown below:

Use SSH to perform local security checks[entry]:SSH user name : =

Use SSH to perform local security checks[file]:SSH public key to use : =

Use SSH to perform local security checks[file]:SSH private key to use : =

Use SSH to perform local security checks[password]:Passphrase for SSH key

: =

SSH settings[entry]:SSH user name : =

SSH settings[password]:SSH password (unsafe!) : =

SSH settings[file]:SSH public key to use : = no

SSH settings[file]:SSH private key to use : =

SSH settings[password]:Passphrase for SSH key : =

If you are using Kerberos, you must configure a Nessus scanner to authenticate to a KDC by entering the following information in the scanner .nessusrc file:

Kerberos KDC port : 88

Kerberos KDC Transport : udp

Kerberos Realm (SSH Only) : myrealm

Kerberos Key Distribution Center (KDC): 192.168.20.66

The default KDC port is “88” and the default transport protocol is “udp”. The other value for transport is “tcp”. Last, the Kerberos Realm name and IP address of the KDC are required.

Note: You must already have a Kerberos environment established to use this method of authentication.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.