We are testing MVM7.5 in our environment and I have a problem with shell credentials.
I want to scan a Redhat V6, and in the settings tab of scan properties I have added an individual shell.
In the Shell Individual Host field I inserted the IP address of the Linux server, in the User ID tab I inserted the ROOT username of that Linux system, then in the security section I chose certificate and password to enable the password and confirm password fields, then I inserted the password of the root user. In the shell options section I chose SSHv2 or SSHv1. I'm sure that my Linux server accepts SSH, and I tried to ssh to the specified Linux server from another Linux machine. I even tried different options of the Privileged Access section, but still, when I look at the log messages on my Linux server, all the authentication attempts from the MVM server have failed.
I spent lots of time trying other options like default shell and Shell Domain but still I couldn't get any results.
By any result I mean there is no difference between a default scan with no credentials and with credentials.
I have tested the credentials for Windows networks and it worked perfectly, but in Linux I'm kinda losing my hope,
so I came here to ask for your help!
Thanks in advance
Hello Arsalan, it should work the way you configured. By the way, are you entering the credentials within the scan or maintaining a credentials set? Let me summarize it below.
Account Type : Shell Individual Host
Shell Individual Host : Type IP Address
User ID : Specify user name
Password & confirm password : Enter password
Protocol : SSHV2 or SSHV1
Security : Certificate or Password
Privilege Access : First try with none, else use Root.
Before trying with Foundstone, use PuTTY and attempt to connect to the server yourself on port 22 and see if it works. Once connected, run some commands such as whoami, uname -a, etc. Additionally, look for this article (KB54752) on the McAfee KB and it will tell you exactly what commands are run by MVM on Linux.
But I kinda fixed it.
Today I tried to reconfigure my ssh settings on my Linux machine but that didn't help with anything.
I did all the things that you said before, but you know there is a check box at the top of the screen, and that tiny little thing was the cure!!
I forgot to enable "Trust unknown remote-shell targets", and by checking that box my problem was solved.
Now I can see a big difference in my results thanks to that checkbox!
And thank you for checking up on my problem.
So that's it, we are vulnerable; thanks to MVM we now know it.
For added security, you may want to leave that box unchecked. To get around the need to select that option in the scan, you need to first run a scan to collect the target SSH keys, then manually 'trust' the targets through Manage > Assets.
The following KB Article goes into the details a bit:
I hope that helps!