LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-27-2012, 04:00 AM   #16
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21

Quote:
Originally Posted by Noway2 View Post
It appears you are running SSH on port 1234, can the SLAD installer SSH into this port or does it default to port 22? If I am reading your output correctly, it looks like the SSH connection via key authentication is being established.
As part of the debugging process on http://www.tek-tips.com/faqs.cfm?fid=6934 , you test ssh on port 1234 as below
/usr/sbin/sshd -p1234 -d , by default I use port 22.


In answer to your other questions, yes the public key either gets renamed to authorized_keys or gets appended to the authorized keys file (on the remote system). The permissions for these files and directories should be such that only the owner can write to them, which looks ok.
I understand that, but different guides to setting SSH key/file permissions state differing permissions but there is no definite list of permissions for the SSH key/files. I had to trial and test the different permissions until it worked for SSH connection but still not for the SLAD installer, the Openvas instructions are quite poor in this regard which is way I asked what permissions you use as shown below, I had to use http://www.noah.org/wiki/SSH_public_keys:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts


Also, yes the keys should be id_rsa, not id_rsa_something else, unless you have configured your SSH client / server to look for these different files. The configuration would be in your /etc directory, by the way.
So you can only have one rsa key setup from a machine unless you edit the /etc/ssh/sshd_config file to allow for a key named id_rsa_something? (I followed the openvas instructions originally)


If you have gotten SSH via key authentication working, but Ovas is still claiming that it can't login you might want to ping the IRC channel or mailing list to see if anyone has a clue based upon experience with the tool. I sorry to admit that I am really starting to scratch dirt on this one.
I know it is frustrating having gotten so far and at the last hurdle the SLAD Installer still complains about the permissions that it still cannot login via SSH when I can:

Installation was not successfull. Could not login via SSH. If you don't have a public key installed be sure to set the following options in the sshd_config file:
PermitRootLogin yes
PasswordAuthentication yes

1.Public key is installed but I will have to check the directory to see if it looks for it in the sshd_config file
2. PermitRootLogin and PasswordAuthentication will be set to No as per recommended settings.

Last edited by shayno90; 02-27-2012 at 06:29 AM.
 
Old 02-27-2012, 06:56 AM   #17
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Checking on the remote host points out this issue from SLAD installer:

sshovas@remote:~$ sudo tail -f /var/log/auth.log

Feb 27 12:51:52 remote sshd[6169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=user.local user=root
Feb 27 12:51:54 remote sshd[6169]: Failed password for root from 192.168.20.100 port 38939 ssh2

I keep entering the root password for the remote host but the SLAD installation still fails!

In sshd_config , I set " Strict modes" to "no" but the same result.
 
Old 02-27-2012, 09:21 AM   #18
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Unless you have unlocked and activated the root account, you can't login as root on Ubuntu. The account is locked and the password scrambled to a random value. This is a feature by design. You can get a root shell by using 'sudo -i' from a user account.
 
1 members found this post helpful.
Old 02-27-2012, 09:37 AM   #19
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by Noway2 View Post
Unless you have unlocked and activated the root account, you can't login as root on Ubuntu. The account is locked and the password scrambled to a random value. This is a feature by design. You can get a root shell by using 'sudo -i' from a user account.
True, the user "root" has no user account setup and so would be disabled. Any reference to the failed password attempt above is usually linked to malicious login attempts when searched but in this case not

What is the best way to create a user account for it if it already exists, simply add user?

Getting a root shell is not the problem, the issue is that the SLAD installer requires the remote machine (target host) password in order to authenticate the SLAD installation like doing " sudo apt-get install SLAD installer".

The way the SLAD installation runs is:

Local host terminal (user@localhost)-->sudo /usr/bin/sladinstaller--------------> Remote host ssh authentication (via pub key)---> sudo apt-get install sladinstaller

This what should happen however the root password of the remote host that I enter is not accepted by either the sshd/ssh_config due to inappropriate settings in one/either file.

The previous screenshot I attached on page 1 of this thread shows the SLAD Installer GUI used to authenticate the installation.
 
Old 02-27-2012, 11:12 AM   #20
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Ok, I made some more progress as I managed to get past the pub key authentication issue as the problem was indeed "root" account being inactive. I activated the account only for the purposes of allowing the installation but will disable it after:

sudo passwd root

(Set a new password for this account)

sudo passwd -l root

(Disable the account)

Installation proceeded until another issue! The damn package download link is the issue:

Message Log:
Start Installation:
ssh auth with password
local timestamp 1330361564 remote timestamp

!Error! could not download http://www.dn-systems.org/boss/slad-2-current.tar.bz2: Couldn't connect to server

The link is correct but I am guessing the proxy on my end needs to be checked!
 
Old 02-27-2012, 12:23 PM   #21
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
I am glad you got the SSH portion working! That was really puzzling. If you had been working with a distro other than Ubuntu, one that uses a root account, it looks like this may have gone a lot smoother.

Quote:
!Error! could not download http://www.dn-systems.org/boss/slad-2-current.tar.bz2: Couldn't connect to server

The link is correct but I am guessing the proxy on my end needs to be checked!
It looks like the site, for DN-systems is up and running and they are hosting the files for download. The link, though, does not work for me and gives me a 404 error.
Have a look here: http://www.dn-systems.org/boss/slad2/ I am not sure which file it is you are after, but perhaps you could point it to the correct one?
 
Old 02-28-2012, 04:46 AM   #22
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by Noway2 View Post
I am glad you got the SSH portion working! That was really puzzling. If you had been working with a distro other than Ubuntu, one that uses a root account, it looks like this may have gone a lot smoother.


It looks like the site, for DN-systems is up and running and they are hosting the files for download. The link, though, does not work for me and gives me a 404 error.
Have a look here: http://www.dn-systems.org/boss/slad2/ I am not sure which file it is you are after, but perhaps you could point it to the correct one?
The link I posted had a extra character at the end, this is the correct link:
http://www.dn-systems.org/boss/slad-...urrent.tar.bz2

The download of the package works via any web browser but not via the SLAD installer GUI launched from the terminal.
I checked the proxy settings on the local and remote machines for apt in /etc/bash/bash.rc for http and ftp and the network connection proxy settings.

I wonder could it do with port forwarding for ssh
https://help.ubuntu.com/community/SS...PortForwarding

Remote Port Forwarding: connections from the SSH server are forwarded via the SSH client, then to a destination server

The command they give is:
ssh -R 5900:localhost:5900 guest@joes-pc

Not sure how this can work with current way I am running SLAD installer:

user@localhost:~$ sudo /usr/bin/sladinstaller

user@local:~$ grep Forwarding /etc/ssh/sshd_config
X11Forwarding yes
user@remote:~$ grep Forwarding /etc/ssh/sshd_config
X11Forwarding yes

Although it seems Dynamic port forwarding or using SSH to forward graphical applications over a network seems more relevant but I am not sure how I can implement this with the current way I run the SLAD Installer.

Any ideas?
 
Old 02-29-2012, 09:44 AM   #23
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
An update on the SLAD Installation, I have finally installed SLAD on the target machine however it was not a clean install.

Following my issue with the package not downloading on the target/remote system, I tried changing the /etc/ssh(d)_config files and also installing programs like corkscrew and connect-proxy in order to tunnel SSH through HTTP proxy:

http://en.kioskea.net/faq/2288-insta...rver-on-ubuntu

http://www.ubuntugeek.com/how-to-use...in-ubuntu.html

This did not work (there is an option to set a proxy in the ssh_config file so best to use this instead)

Following theses attempts with HTTP proxy and adding more config files to ./.ssh/ and checking permissions, the id_rsa file somehow got corrupted by either moving it or the preceding changes.
The error I got was :
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug3: Not a RSA1 key file /home/user1/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype

So the changes I made somehow corrupted the file but ssh still worked via the terminal but not for the /usr/bin/sladinstaller on the local system when ran. I debugged the local ssh server and got that error message above so I moved the private id_rsa out of the .ssh directory. This got rid of the error but the sladinstaller kept giving authentication error messages as mentioned earlier in the thread.

To avoid wasting more time troubleshooting I did this:

1. Remove all keys and files in .ssh directories on both local and remote machines (files like keys, known hosts etc)
2. Replace edited ssh_config and sshd_config files with unedited files of both
3. Generate new keys and verify the new keys
4. Copy new public key to remote .ssh directory
5. For Ubuntu users ensure, the user "root" account is enabled. Check that all file permissions are as follows on local and remote hosts
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
6. Check that ssh-server is installed on the target machine
http://vibhorkumar.wordpress.com/201...ction-refused/
7. Run the slad installer as normal user on the local machine and it should run and download the package (although I am not sure why it can now download the package from the server)
8. For Ubuntu users, disable the "root" account

Troubleshoot ssh connection issues such as bad permissions, corrupt keys with these links:

https://help.ubuntu.com/community/SSH/OpenSSH/Keys
http://www.tek-tips.com/faqs.cfm?fid=6934
http://blog.codefront.net/2007/02/28...tion-problems/
http://old.nabble.com/Bad-passphrase...d30553958.html
http://www.noah.org/wiki/SSH_public_keys
https://help.ubuntu.com/community/SS...SH/Configuring

Time to test this simple installation!! (Hope this helps someone as the instructions are minimal and non existent for certain stages of this build)

Also thanks to Noway2 for their contribution/help towards solving this install issue!

Last edited by shayno90; 02-29-2012 at 09:47 AM.
 
1 members found this post helpful.
Old 02-29-2012, 10:35 AM   #24
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Wow, what a process! I am keeping my fingers cross that it works! Once all is well, I think that this thread may warrant white-paper or sticky status as how to get the OpenVAS SLAD working on Ubuntu.
 
Old 03-09-2012, 06:06 AM   #25
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Indeed following the SLAD installation, it is a necessary to also ensure you have exim 4 server and mailutils installed as tripwire installs along with SLAD and it sends an email for the cronjob about the system files. However this error message appears:

user@local:~$ sudo /usr/sbin/tripwire --check
### Error: File could not be opened.
### Filename: /var/lib/tripwire/local.twd
### No such file or directory
### Exiting...

The twinstall.sh script is located in the /etc/tripwire directory nor any other directory.

The command below wants to create the twcfg and twpol files even though they are already created:

[root@home /etc/tripwire]# twadmin --create-polfile --cfgfile ./tw.cfg
--site-keyfile ./site.key ./twpol.txt

ls -l /etc/tripwire/
iomlán 48
-rw------- 1 root root 931 2010-10-07 23:30 hostname-local.key
-rw------- 1 root root 931 2010-10-07 23:28 site.key
-rw-r--r-- 1 root root 4586 2010-10-07 23:30 tw.cfg
-rw-r--r-- 1 root root 486 2009-11-07 23:41 twcfg.txt
-rw-r--r-- 1 root root 486 2009-11-07 23:41 twcfg.txt.orig
-rw-r--r-- 1 root root 4159 2010-10-07 23:30 tw.pol
-rw-r--r-- 1 root root 6057 2009-11-07 23:41 twpol.txt
-rw-r--r-- 1 root root 6057 2009-11-07 23:41 twpol.txt.orig

It appears you have to generate the script although the command to do so asks for a local passphrase which is not created since twinstall.sh is not run:

root@local:/etc/tripwire# tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --site-keyfile /etc/tripwire/site.key --local-keyfile /etc/tripwire/hostname-local.key
Please enter your local passphrase:
Incorrect local passphrase.

So how do I initialize the tripwire database without a twinstall script?

Or a better question how do I initialize the database without knowing the local and site passphrase which was somehow created without me specifying them during the SLAD installation when tripwire was also installed??

Last edited by shayno90; 03-09-2012 at 06:30 AM.
 
Old 03-09-2012, 10:11 AM   #26
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
In the end I just moved the existing tripwire conf and pol files plus keys out of the tripwire directory.
Then recreated the keys and signed to create the conf and pol files.
Finally I created the tripwire database.
 
  


Reply

Tags
install, key, openssl, security, verify


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Host key verification failed brownie_cookie Linux - Newbie 2 03-29-2011 06:56 AM
OpenSSL Public Key Issue delite Programming 1 07-07-2010 08:46 PM
scp - Host key verification failed. Hellbike Linux - Server 2 05-30-2010 03:16 AM
Aircrack-ng install: openssl issue avbasot400 Ubuntu 6 05-16-2009 10:50 AM
Use Openssl to do signing and verification johnny.lee Programming 0 02-18-2004 09:30 PM


All times are GMT -5. The time now is 09:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration