Generic SSH Scan Requirements

Credentials

The plugin requires SSH credentials for scanning.

Permissions

The permissions is entirely dependent on the target that is being scanned. In general, the login account must be able to run the requested command or escalate to be able to run the command.

Privilege Escalation Method

Due to the nature of supporting unknown targets, the escalation method must be configured in the compliance audit setup.

The escalation is a simple escalation of running a command, providing a password, and expecting a prompt or message that escalation succeeded.

The escalation method is configured as a global compliance setting for the scan or policy. For devices that use different escalation method, you must configure it separately in another scan or policy.

To configure privilege escalation for a Generic SSH compliance check:

  1. Navigate to ScansCompliance.
  2. In the drop-down box, select Generic SSH.
  3. For Audit file, upload an audit file.
  4. Under Global Settings, enter the following items:
    • Escalation Command: The command to use for accomplishing the privilege escalation. This is similar to the enable command for Cisco devices.
    • Escalation Success Check : A regular expression that must match after the escalation has succeeded. This can be the prompt or any other message notifying the success of privilege escalation.
  5. In the Credentials SSH settings, set Elevate privileges with to Cisco 'enable'.
  6. Enter the password for the escalation method.

Notes

  • Due to the nature of this plugin and its expected use against a varied and wide range of targets, Tenable does not provide any preconfigured audit files.
  • This plugin does not filter any command usage. This includes some types of functions that are filtered in other, similar plugins.