How to add SSH KEX algorithms to a Cisco SG350

Network Engineering  Cisco-SG300  Cisco Small Business
2022-02-26 15:51:56

This is the reference question:

Scanning an sg350-28 with Nessus credentialed checks

I have been digging into this for the past few weeks and think I have figured out what the problem is:

[2022-02-15 21:11:11] [session 1] try_ssh_kb_settings_login: Opening a connection to port 22 to test 'none' authentication...
[2022-02-15 21:11:11] [session 1] session.open_connection: Connecting to port 22.
[2022-02-15 21:11:11] [session 1] session.open_connection: Socket opened on port 22.
[2022-02-15 21:11:11] [session 1] ssh_client_state.set: ** Entering STATE SOC_OPENED **
[2022-02-15 21:11:11] [session 1] session.open_connection: Received server version SSH-2.0-OpenSSH_7.3p1.RL
[2022-02-15 21:11:11] [session 1] session.sshsend: Outgoing Unencrypted packet:

0x00:  53 53 48 2D 32 2E 30 2D 4F 70 65 6E 53 53 48 5F    SSH-2.0-OpenSSH_
0x10:  35 2E 30 0A                                        5.0.            
[2022-02-15 21:11:11] [session 1] try_ssh_kb_settings_login: Successfully opened a connection on port 22.
[2022-02-15 21:11:11] [session 1] session.complete_kex: KEX is not yet complete. Attempting to complete KEX before continuing.
[2022-02-15 21:11:58] [session 1] session.sshrecv: Incoming Unencrypted packet:
0x00:  00 00 00 34 07 01 00 00 00 02 00 00 00 1F 69 64    ...4..........id
0x10:  6C 65 20 63 6F 6E 6E 65 63 74 69 6F 6E 20 74 69    le connection ti
0x20:  6D 65 6F 75 74 20 65 78 70 69 72 65 64 00 00 00    meout expired...
0x30:  00 00 00 00 00 00 00 00                            ........        
[2022-02-15 21:11:58] [session 1] session.sshrecv_until: Handling packet.type: 1 [PROTO_SSH_MSG_DISCONNECT]

The session timeout is happening because the handshake is not completing properly and times out.

After a lot of Google-fu I am looking into how to add, or even just check, which algorithms are enabled on the switch.

From the verbose ssh output I can't really tell what is missing.

This is from the server where Nessus is installed:

[root@localhost ~]# ssh -vv aftest@192.168.1.254
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "192.168.1.254" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.254 [192.168.1.254] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3p1.RL
debug1: match: OpenSSH_7.3p1.RL pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.254:22 as 'aftest'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-sha1
debug2: MACs stoc: hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: diffie-hellman-group-exchange-sha1 need=64 dh_need=64
debug1: kex: diffie-hellman-group-exchange-sha1 need=64 dh_need=64
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1004/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:gKvy1VIaUuuof58/pXPIki3lG5uhIxLBewVAL9oWS0s
debug1: Host '192.168.1.254' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 1054/2048
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug2: key: /root/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password

aftest@192.168.1.254's password:

debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.254 ([192.168.1.254]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0




switch778de9>

I'm not sure how to get the same output from Nessus, nor why I can ssh from the server but not from the Nessus application.

The Cisco SG350 switch runs a stripped-down IOS variant, and many of the commands seen online are not available.

For example:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-16-10/sec-usr-ssh-xe-16-10-book/sec-secure-shell-algorithm-ccc.html

Device# configure terminal
Device# ip ssh {server | client } algorithm mac {hmac-sha1 | hmac-sha1-96 }

This is the output from the Cisco SG350 switch:

switch778de9#configure
switch778de9(config)#ip
  access-list          This command creates an ACL, which perform
                       classification on layer 3 fields and enters ip-access
                       configuration mode.
  arp                  ARP configuration commands
  default-gateway      Specify default gateway
  dhcp                 IP DHCP client commands
  domain               IP Domain Naming System
  helper-address       Specify a destination address for UDP broadcasts
  host                 To define static host name-to-address mapping in the
                       host cache
  http                 Specify the HTTP server configuration
  https                HTTPS server configuration
  igmp                 IGMP interface commands
  igmp-proxy           IGMP proxy configurations
  multicast-routing    To enable IP multicast routing
  name-server          To set the available name servers, use the ip
                       name-server global configuration command.
  route                Establish static routes
  routing              Enable IP routing
  source-guard         IP source-guard configuration
  ssh                  Global Secure Shell protocol configuration subcommands
  ssh-client           secure shell client.
  telnet               Telnet server configuration
switch778de9(config)#ip ssh
  password-auth        To enable password authentication for incoming SSH
                       sessions
  port                 Specify the port to be used by the SSH server.  To use
                       the default port, use the no form of this command.
  pubkey-auth          To enable public key authentication for incoming SSH
  server               Enable the device to be configured from SSH.  Use the
                       no form of this command to disable this function.
switch778de9(config)#ip ssh server
   <CR>
switch778de9(config)#ip ssh server

Is there anything else I can check?

1 Answer
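The ssh -vv output above already contains the answer to "which algorithms does the switch enable": the peer server KEXINIT proposal lists them (three SHA-1 key exchanges, ssh-rsa/ssh-dss host keys, hmac-sha1 only). A client only has to read that first unencrypted packet to learn the server's proposal, without authenticating. The following is an added example, not code from the original post or from Cisco; it builds a KEXINIT packet carrying exactly the switch's proposal shown above (a constructed packet, not a capture), parses it back, runs the RFC 4253 section 7.1 negotiation against the OpenSSH 7.4 client proposal from the same output, and flags the SHA-1, group1 and DSA entries. The probe_kexinit helper is an assumption for live use against a real host and is not exercised offline; the "SSH-2.0-kexprobe" banner it sends is an arbitrary name.

```python
"""Decode SSH_MSG_KEXINIT and replay the RFC 4253 algorithm negotiation.

Added example, not part of the original post. The server proposal below is
constructed from the ssh -vv log above; it is not a packet capture.
"""
import socket
import struct

SSH_MSG_KEXINIT = 20

# Name-lists in KEXINIT after the 16-byte cookie, in wire order (RFC 4253 s7.1).
KEXINIT_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)


def build_kexinit(proposal, cookie=b"\x00" * 16):
    """Encode a KEXINIT payload (without packet framing) from a dict of name-lists."""
    body = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in KEXINIT_FIELDS:
        names = ",".join(proposal.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    body += b"\x00"                # first_kex_follows = FALSE
    body += struct.pack(">I", 0)   # reserved
    return body


def frame_packet(payload, block_size=8):
    """Wrap a payload in the unencrypted binary packet format (RFC 4253 s6)."""
    pad = block_size - ((5 + len(payload)) % block_size)  # 4-byte length + 1 pad byte
    if pad < 4:                                           # padding must be >= 4 bytes
        pad += block_size
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad


def parse_kexinit(packet):
    """Parse a framed KEXINIT packet into {field: [names...], "first_kex_follows": bool}."""
    packet_length, padding_length = struct.unpack(">IB", packet[:5])
    payload = packet[5:5 + packet_length - padding_length - 1]
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT packet: message type %d" % payload[0])
    pos = 1 + 16                     # skip message type and cookie
    proposal = {}
    for field in KEXINIT_FIELDS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + n].decode("ascii")
        pos += n
        proposal[field] = raw.split(",") if raw else []
    proposal["first_kex_follows"] = bool(payload[pos])
    return proposal


def negotiate(client, server):
    """RFC 4253 s7.1: per list, the first client choice that the server also offers."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in KEXINIT_FIELDS[:8]}   # languages are not negotiated this way


def weak_algorithms(proposal):
    """Heuristic: names that depend on SHA-1, the 1024-bit DH group 1, or DSA."""
    flagged = []
    for field in KEXINIT_FIELDS[:6]:
        for name in proposal[field]:
            if (name.endswith("sha1") or "group1-" in name or name == "ssh-dss") \
                    and name not in flagged:
                flagged.append(name)
    return flagged


def probe_kexinit(host, port=22, timeout=10.0):
    """Live helper (assumption, not run offline): fetch and parse a server's KEXINIT."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-kexprobe\r\n")        # our identification string
        f = s.makefile("rb")
        banner = f.readline()
        while banner and not banner.startswith(b"SSH-"):
            banner = f.readline()                  # skip pre-banner lines (RFC 4253 s4.2)
        header = f.read(5)
        (packet_length,) = struct.unpack(">I", header[:4])
        packet = header + f.read(packet_length - 1)
        return banner.decode("ascii", "replace").strip(), parse_kexinit(packet)


_l = lambda s: s.split(",")
# The switch's proposal, copied from the "peer server KEXINIT proposal" lines above.
SWITCH_PROPOSAL = {
    "kex_algorithms": _l("diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,"
                         "diffie-hellman-group14-sha1"),
    "server_host_key_algorithms": _l("ssh-rsa,ssh-dss"),
    "encryption_algorithms_client_to_server": _l("aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com"),
    "encryption_algorithms_server_to_client": _l("aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com"),
    "mac_algorithms_client_to_server": ["hmac-sha1"],
    "mac_algorithms_server_to_client": ["hmac-sha1"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
# The OpenSSH 7.4 client proposal, copied from the "local client KEXINIT proposal" lines.
_CIPHERS = "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc"
_MACS = "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1"
CLIENT_PROPOSAL = {
    "kex_algorithms": _l("curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c"),
    "server_host_key_algorithms": _l("ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss"),
    "encryption_algorithms_client_to_server": _l(_CIPHERS),
    "encryption_algorithms_server_to_client": _l(_CIPHERS),
    "mac_algorithms_client_to_server": _l(_MACS),
    "mac_algorithms_server_to_client": _l(_MACS),
    "compression_algorithms_client_to_server": _l("none,zlib@openssh.com,zlib"),
    "compression_algorithms_server_to_client": _l("none,zlib@openssh.com,zlib"),
}

if __name__ == "__main__":
    server = parse_kexinit(frame_packet(build_kexinit(SWITCH_PROPOSAL)))
    for field, choice in negotiate(CLIENT_PROPOSAL, server).items():
        print("%-40s %s" % (field, choice))
    print("weak:", ", ".join(weak_algorithms(server)))
```

Run stand-alone it reproduces the "kex: algorithm: diffie-hellman-group-exchange-sha1", "host key algorithm: ssh-rsa" and "cipher: chacha20-poly1305@openssh.com" lines from the log (the log prints the MAC as <implicit> because chacha20-poly1305 is an AEAD cipher; the negotiated MAC name is still hmac-sha1). To see what a different client would get, replace CLIENT_PROPOSAL with that client's lists; a client whose kex list shares nothing with the switch's three SHA-1 entries gets None for kex_algorithms, which is the condition under which no key exchange can start.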

A failing key exchange mechanism usually indicates that key generation is incomplete. The switch may not have local keys yet. Check whether that is the case with:

show crypto key

If they are missing, try creating a public/private key pair by running:

crypto key generate rsa
crypto key generate dsa

(DSA should be preferred, but some applications may require RSA.)

Also, your Nessus server may have the same problem. You should look at the installation guide to see whether you missed that section.