LinuxQuestions.org

SLAD install issue with openssl key verification (https://www.linuxquestions.org/questions/linux-security-4/slad-install-issue-with-openssl-key-verification-930665/)

shayno90 02-27-2012 04:00 AM

Quote:

Originally Posted by Noway2 (Post 4611229)
It appears you are running SSH on port 1234, can the SLAD installer SSH into this port or does it default to port 22? If I am reading your output correctly, it looks like the SSH connection via key authentication is being established.
As part of the debugging process on http://www.tek-tips.com/faqs.cfm?fid=6934, you test ssh on port 1234 as below:
/usr/sbin/sshd -p1234 -d
By default I use port 22.


In answer to your other questions, yes the public key either gets renamed to authorized_keys or gets appended to the authorized keys file (on the remote system). The permissions for these files and directories should be such that only the owner can write to them, which looks ok.
I understand that, but different guides to setting SSH key/file permissions state differing permissions but there is no definite list of permissions for the SSH key/files. I had to trial and test the different permissions until it worked for SSH connection but still not for the SLAD installer. The OpenVAS instructions are quite poor in this regard, which is why I asked what permissions you use. As shown below, I had to use http://www.noah.org/wiki/SSH_public_keys:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts


Also, yes the keys should be id_rsa, not id_rsa_something else, unless you have configured your SSH client / server to look for these different files. The configuration would be in your /etc directory, by the way.
So you can only have one rsa key setup from a machine unless you edit the /etc/ssh/sshd_config file to allow for a key named id_rsa_something? (I followed the openvas instructions originally)


If you have gotten SSH via key authentication working, but Ovas is still claiming that it can't login you might want to ping the IRC channel or mailing list to see if anyone has a clue based upon experience with the tool. I am sorry to admit that I am really starting to scratch dirt on this one.

I know it is frustrating having gotten so far and at the last hurdle the SLAD Installer still complains about the permissions that it still cannot login via SSH when I can:

Installation was not successfull. Could not login via SSH. If you don't have a public key installed be sure to set the following options in the sshd_config file:
PermitRootLogin yes
PasswordAuthentication yes

1. Public key is installed but I will have to check the directory to see if it looks for it in the sshd_config file
2. PermitRootLogin and PasswordAuthentication will be set to No as per recommended settings.

shayno90 02-27-2012 06:56 AM

Checking on the remote host points out this issue from SLAD installer:

sshovas@remote:~$ sudo tail -f /var/log/auth.log

Feb 27 12:51:52 remote sshd[6169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=user.local user=root
Feb 27 12:51:54 remote sshd[6169]: Failed password for root from 192.168.20.100 port 38939 ssh2

I keep entering the root password for the remote host but the SLAD installation still fails!

In sshd_config, I set "StrictModes" to "no" but got the same result.

Noway2 02-27-2012 09:21 AM

Unless you have unlocked and activated the root account, you can't login as root on Ubuntu. The account is locked and the password scrambled to a random value. This is a feature by design. You can get a root shell by using 'sudo -i' from a user account.

shayno90 02-27-2012 09:37 AM

Quote:

Originally Posted by Noway2 (Post 4613197)
Unless you have unlocked and activated the root account, you can't login as root on Ubuntu. The account is locked and the password scrambled to a random value. This is a feature by design. You can get a root shell by using 'sudo -i' from a user account.

True, the user "root" has no user account setup and so would be disabled. Any reference to the failed password attempt above is usually linked to malicious login attempts when searched but in this case not :)

What is the best way to create a user account for it if it already exists, simply add user?

Getting a root shell is not the problem, the issue is that the SLAD installer requires the remote machine (target host) password in order to authenticate the SLAD installation, like doing "sudo apt-get install SLAD installer".

The way the SLAD installation runs is:

Local host terminal (user@localhost)-->sudo /usr/bin/sladinstaller--------------> Remote host ssh authentication (via pub key)---> sudo apt-get install sladinstaller

This is what should happen; however, the root password of the remote host that I enter is not accepted by either the sshd/ssh_config due to inappropriate settings in one/either file.

The previous screenshot I attached on page 1 of this thread shows the SLAD Installer GUI used to authenticate the installation.

shayno90 02-27-2012 11:12 AM

Ok, I made some more progress as I managed to get past the pub key authentication issue as the problem was indeed "root" account being inactive. I activated the account only for the purposes of allowing the installation but will disable it after:

sudo passwd root

(Set a new password for this account)

sudo passwd -l root

(Disable the account)

Installation proceeded until another issue! The damn package download link is the issue:

Message Log:
Start Installation:
ssh auth with password
local timestamp 1330361564 remote timestamp

!Error! could not download http://www.dn-systems.org/boss/slad-2-current.tar.bz2: Couldn't connect to server

The link is correct but I am guessing the proxy on my end needs to be checked!

Noway2 02-27-2012 12:23 PM

I am glad you got the SSH portion working! That was really puzzling. If you had been working with a distro other than Ubuntu, one that uses a root account, it looks like this may have gone a lot smoother.

Quote:

!Error! could not download http://www.dn-systems.org/boss/slad-2-current.tar.bz2: Couldn't connect to server

The link is correct but I am guessing the proxy on my end needs to be checked!

It looks like the site for DN-systems is up and running and they are hosting the files for download. The link, though, does not work for me and gives me a 404 error.
Have a look here: http://www.dn-systems.org/boss/slad2/ I am not sure which file it is you are after, but perhaps you could point it to the correct one?

shayno90 02-28-2012 04:46 AM

Quote:

Originally Posted by Noway2 (Post 4613341)
I am glad you got the SSH portion working! That was really puzzling. If you had been working with a distro other than Ubuntu, one that uses a root account, it looks like this may have gone a lot smoother.


It looks like the site for DN-systems is up and running and they are hosting the files for download. The link, though, does not work for me and gives me a 404 error.
Have a look here: http://www.dn-systems.org/boss/slad2/ I am not sure which file it is you are after, but perhaps you could point it to the correct one?

The link I posted had an extra character at the end, this is the correct link:
http://www.dn-systems.org/boss/slad-...urrent.tar.bz2

The download of the package works via any web browser but not via the SLAD installer GUI launched from the terminal.
I checked the proxy settings on the local and remote machines for apt in /etc/bash/bash.rc for http and ftp and the network connection proxy settings.

I wonder could it do with port forwarding for ssh
https://help.ubuntu.com/community/SS...PortForwarding

Remote Port Forwarding: connections from the SSH server are forwarded via the SSH client, then to a destination server

The command they give is:
ssh -R 5900:localhost:5900 guest@joes-pc

Not sure how this can work with the current way I am running the SLAD installer:

user@localhost:~$ sudo /usr/bin/sladinstaller

user@local:~$ grep Forwarding /etc/ssh/sshd_config
X11Forwarding yes
user@remote:~$ grep Forwarding /etc/ssh/sshd_config
X11Forwarding yes

Although it seems Dynamic port forwarding or using SSH to forward graphical applications over a network seems more relevant but I am not sure how I can implement this with the current way I run the SLAD Installer.

Any ideas?

shayno90 02-29-2012 09:44 AM

An update on the SLAD Installation, I have finally installed SLAD on the target machine however it was not a clean install.

Following my issue with the package not downloading on the target/remote system, I tried changing the /etc/ssh(d)_config files and also installing programs like corkscrew and connect-proxy in order to tunnel SSH through HTTP proxy:

http://en.kioskea.net/faq/2288-insta...rver-on-ubuntu

http://www.ubuntugeek.com/how-to-use...in-ubuntu.html

This did not work (there is an option to set a proxy in the ssh_config file so best to use this instead)

Following these attempts with HTTP proxy and adding more config files to ./.ssh/ and checking permissions, the id_rsa file somehow got corrupted by either moving it or the preceding changes.
The error I got was :
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug3: Not a RSA1 key file /home/user1/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype

So the changes I made somehow corrupted the file but ssh still worked via the terminal but not for the /usr/bin/sladinstaller on the local system when run. I debugged the local ssh server and got that error message above so I moved the private id_rsa out of the .ssh directory. This got rid of the error but the sladinstaller kept giving authentication error messages as mentioned earlier in the thread.

To avoid wasting more time troubleshooting I did this:

1. Remove all keys and files in .ssh directories on both local and remote machines (files like keys, known hosts etc)
2. Replace edited ssh_config and sshd_config files with unedited files of both
3. Generate new keys and verify the new keys
4. Copy new public key to remote .ssh directory
5. For Ubuntu users, ensure the user "root" account is enabled. Check that all file permissions are as follows on local and remote hosts
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
6. Check that ssh-server is installed on the target machine
http://vibhorkumar.wordpress.com/201...ction-refused/
7. Run the slad installer as normal user on the local machine and it should run and download the package (although I am not sure why it can now download the package from the server)
8. For Ubuntu users, disable the "root" account

Troubleshoot ssh connection issues such as bad permissions, corrupt keys with these links:

https://help.ubuntu.com/community/SSH/OpenSSH/Keys
http://www.tek-tips.com/faqs.cfm?fid=6934
http://blog.codefront.net/2007/02/28...tion-problems/
http://old.nabble.com/Bad-passphrase...d30553958.html
http://www.noah.org/wiki/SSH_public_keys
https://help.ubuntu.com/community/SS...SH/Configuring

Time to test this simple installation!! (Hope this helps someone as the instructions are minimal and nonexistent for certain stages of this build)

Also thanks to Noway2 for their contribution/help towards solving this install issue!
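
Added example, not part of the original posts: a small audit of the modes that sshd (with StrictModes on) and the ssh client actually enforce, which is why both permission lists quoted in this thread (authorized_keys at 644 or at 600) are accepted. It assumes GNU stat as shipped on Ubuntu; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as shipped on Ubuntu.
# Function names are illustrative.

# Print the octal permission bits of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# True when any bit in MASK (octal digits) is set in the path's mode.
has_bits() { [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]; }

# audit_ssh_dir HOME_DIR [KEY_NAME]
# Prints one FAIL line per finding; the return status is the number of findings.
audit_ssh_dir() {
    home=$1; key=${2:-id_rsa}; problems=0
    # sshd with StrictModes yes rejects key logins when the home directory,
    # ~/.ssh or authorized_keys is writable by group or other (mask 022).
    # Both 644 and 600 on authorized_keys pass this test.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 22; then
            echo "FAIL $p (mode $(mode_of "$p")): writable by group or other"
            problems=$((problems + 1))
        fi
    done
    priv=$home/.ssh/$key
    if [ -f "$priv" ]; then
        # The ssh client ignores a private key that group or other can access.
        if has_bits "$priv" 77; then
            echo "FAIL $priv (mode $(mode_of "$priv")): accessible by group or other"
            problems=$((problems + 1))
        fi
        # A PEM private key starts with a BEGIN line; a passphrase-protected
        # one then carries Proc-Type: and DEK-Info: header lines.
        if ! head -n 1 "$priv" | grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
            echo "FAIL $priv: first line is not a PEM private key header"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Usage: sh audit.sh /home/user1   (run on both the local and the remote host)
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1" || echo "$? problem(s) found"
fi
```
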

Noway2 02-29-2012 10:35 AM

Wow, what a process! I am keeping my fingers crossed that it works! Once all is well, I think that this thread may warrant white-paper or sticky status as how to get the OpenVAS SLAD working on Ubuntu.

shayno90 03-09-2012 06:06 AM

Indeed, following the SLAD installation, it is necessary to also ensure you have exim 4 server and mailutils installed, as tripwire installs along with SLAD and it sends an email for the cronjob about the system files. However, this error message appears:

user@local:~$ sudo /usr/sbin/tripwire --check
### Error: File could not be opened.
### Filename: /var/lib/tripwire/local.twd
### No such file or directory
### Exiting...

The twinstall.sh script is not located in the /etc/tripwire directory nor any other directory.

The command below wants to create the twcfg and twpol files even though they are already created:

[root@home /etc/tripwire]# twadmin --create-polfile --cfgfile ./tw.cfg
--site-keyfile ./site.key ./twpol.txt

ls -l /etc/tripwire/
iomlán 48
-rw------- 1 root root 931 2010-10-07 23:30 hostname-local.key
-rw------- 1 root root 931 2010-10-07 23:28 site.key
-rw-r--r-- 1 root root 4586 2010-10-07 23:30 tw.cfg
-rw-r--r-- 1 root root 486 2009-11-07 23:41 twcfg.txt
-rw-r--r-- 1 root root 486 2009-11-07 23:41 twcfg.txt.orig
-rw-r--r-- 1 root root 4159 2010-10-07 23:30 tw.pol
-rw-r--r-- 1 root root 6057 2009-11-07 23:41 twpol.txt
-rw-r--r-- 1 root root 6057 2009-11-07 23:41 twpol.txt.orig

It appears you have to generate the script although the command to do so asks for a local passphrase which is not created since twinstall.sh is not run:

root@local:/etc/tripwire# tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --site-keyfile /etc/tripwire/site.key --local-keyfile /etc/tripwire/hostname-local.key
Please enter your local passphrase:
Incorrect local passphrase.

So how do I initialize the tripwire database without a twinstall script?

Or a better question how do I initialize the database without knowing the local and site passphrase which was somehow created without me specifying them during the SLAD installation when tripwire was also installed??

shayno90 03-09-2012 10:11 AM

In the end I just moved the existing tripwire conf and pol files plus keys out of the tripwire directory.
Then recreated the keys and signed to create the conf and pol files.
Finally I created the tripwire database.


All times are GMT -5.