Nmap Development mailing list archives
Re: nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working
From: Ionreflex <ionreflex () gmail com>
Date: Sun, 10 Sep 2017 09:03:23 -0400
Hi Dan, I confirmed that the script is working with a private key without passphrase... but I've detected some strange behavior using the public key... here we go! 1. if I run the following command : /> sudo nmap --script +ssh-publickey-acceptance --script-args
"ssh.usernames={'ionreflex'}, ssh.publickeys={'/Users/ionreflex/.ssh/id_rsa.pub'}" -p 2222 random.null.io
... the command break after ... NSE: Starting ssh-publickey-acceptance against random.linkpc.net (
100.64.0.1:2222). NSE: [ssh-publickey-acceptance 100.64.0.1:2222] Checking key: /Users/ionreflex/.ssh/id_rsa.pub for user ionreflex
... so it doesn't finish and the console won't output anything until I reset it! This seems to happen only if I provide 1 username to test; if I provide more, all goes well. I've reproduced this behaviour on Mac OS X El Capitan (nmap installed via official .dmg), debian wheezy running on armv7l (gitted nmap) and CentOS 7 (gitted nmap)... but not on Ubuntu 16.04.3 LTS (gitted nmap)?? 2. never been able to successfully get a positive result with "ssh.publickeys", it always ends up with the following : | ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
End of line. [ ^ ] 2017-09-08 14:20 GMT-04:00 Daniel Miller <bonsaiviking () gmail com>:
As we determined today on IRC, the private key file was passphrase-protected. It is a shortcoming of the current libssh2 bindings that we do not return any sort of error information after a failure. In the meantime, I've just added the ability to supply passphrases in the script-args for ssh-publickey-acceptance in r36982. Hopefully we'll be able to get error reporting added soon. Dan On Thu, Sep 7, 2017 at 2:40 PM, Ionreflex <ionreflex () gmail com> wrote:Hi Dev, I've run into an error running NSE script "ssh-publickey-acceptance" on Mac OS X (El Capitan 10.11.6); at first I had the problem described in https://github.com/nmap/nmap/issues/955, but I had the reflex to search for it before posting. Nevertheless, even running the command from /usr/local/share/nmap my key failed to authenticate : /> ssh -vv -l ionreflex -p 2222 random.null.net ... debug1: Offering RSA public key: /Users/ionreflex/.ssh/id_rsa debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 111 debug2: input_userauth_pk_ok: fp SHA256:493efcefb884d6b1d7c39ae 3a058805963b8c53e debug1: Authentication succeeded (publickey). /> sudo nmap -d --script +ssh-publickey-acceptance --script-args "ssh.usernames={'root', 'ionreflex'}, ssh.privatekeys={'/Users/ionreflex/.ssh/id_rsa'}" -p 2222 random.null.net ... NSE: Using Lua 5.3. NSE: Arguments from CLI: ssh.usernames={'root', 'ionreflex'}, ssh.privatekeys={'/Users/ionreflex/.ssh/id_rsa'} NSE: Arguments parsed: ssh.usernames={'root', 'ionreflex'}, ssh.privatekeys={'/Users/ionreflex/.ssh/id_rsa'} NSE: Loaded 1 scripts for scanning. ... NSE: [ssh-publickey-acceptance 100.64.0.1:2222] Checking key: /Users/ionreflex/.ssh/id_rsa for user ionreflex userdata: 0x00e0fd0a ionreflex /Users/ionreflex/.ssh/id_rsa NSE: [ssh-publickey-acceptance 100.64.0.1:2222] Failed to authenticate NSE: Finished ssh-publickey-acceptance against random.null.net ( 100.64.0.1:2222). Completed NSE at 15:15, 1.57s elapsed I've installed Nmap using the package available at the download page : https://nmap.org/dist/nmap-7.60.dmg Lemme know if you need more info or if I can help with anything! [ ^ ] _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working Ionreflex (Sep 07)
- Re: nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working Daniel Miller (Sep 08)
- Re: nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working Ionreflex (Sep 10)
- Re: nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working Daniel Miller (Sep 11)
- Re: nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working Ionreflex (Sep 10)
- Re: nmap-7.60 on Mac OS X - ssh-publickey-acceptance not working Daniel Miller (Sep 08)