Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remote scan failed (from centos to centos) #243

Open
GhostRock37 opened this issue Jan 22, 2020 · 1 comment
Open

remote scan failed (from centos to centos) #243

GhostRock37 opened this issue Jan 22, 2020 · 1 comment
Labels
unclear

Comments

@GhostRock37
Copy link

GhostRock37 commented Jan 22, 2020
edited

During a remote scan with scap-worbench, from one CENTOS to another CENTOS, I got an error (see the log below).

What is amazing is that we do not have the askpass popup to authenticate (stdout redirection problem?) Whereas if I launch a DRY SCAN (with the same machines) in a terminal, everything is OK

Is there an ASKPASS or other variable concern? thank you.

OTher things : scap-workbench is not launch with root

DRY RUN: is OK

oscap-ssh user@computer.francecentral.cloudapp.azure.com 22 xccdf eval --datastream-id scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml --xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml --profile xccdf_org.ssgproject.content_profile_pci-dss --oval-results --results /tmp/xccdf-results.xml --results-arf /tmp/arf.xml --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

Another thing:
the scap-worbench command line launched in a terminal seems good (an askpass window appears to authenticate):
/usr/bin/setsid /usr/bin/ssh -M -f -N -o ServerAliveInterval=60 -o ControlPath=/tmp/ljXSlY/ssh_socket -p 22 user@computer.francecentral.cloudapp.azure.com

Error in scap-worbench when i launch remote scan:

_08:56:44
info
SCAP Workbench 1.1.6, compiled with Qt 4.8.7, using OpenSCAP 1.2.17

08:56:53
info
Opened file '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'.

08:57:23
info
Establishing connecting to remote target...

08:57:29
error
Can't connect to remote machine! Exception was: There was a problem with SshConnection! Failed to create SSH master socket! Diagnostic info: Starting process '/usr/bin/setsid /usr/bin/ssh -M -f -N -o ServerAliveInterval=60 -o ControlPath=/tmp/ljXSlY/ssh_socket -p 22 user@computer.francecentral.cloudapp.azure.com' Starting process '/usr/bin/setsid /usr/bin/ssh -M -f -N -o ServerAliveInterval=60 -o ControlPath=/tmp/ljXSlY/ssh_socket -p 22 user@computer.francecentral.cloudapp.azure.com' stdout: =============================== stderr: =============================== No protocol specified (gnome-ssh-askpass:3511): Gtk-WARNING **: 08:57:23.671: cannot open display: :0 **No protocol specified (gnome-ssh-askpass:3512): Gtk-WARNING : 08:57:25.623: cannot open display: :0 No protocol specified (gnome-ssh-askpass:3515): Gtk-WARNING **: 08:57:27.177: cannot open display: :0 No protocol specified (gnome-ssh-askpass:3516): Gtk-WARNING **: 08:57:29.336: cannot open display: :0 Permission denied, please try again. No protocol specified (gnome-ssh-askpass:3517): Gtk-WARNING **: 08:57:29.347: cannot open display: :0 Permission denied, please try again. No protocol specified (gnome-ssh-askpass:3518): Gtk-WARNING **: 08:57:29.358: cannot open display: :0 Received disconnect from XX.XX.XX.XX port 22:2: Too many authentication failures Authentication failed._
@matusmarhefka
Copy link
Member

@GhostRock37 Please check #237 (comment), it might be the cause of your issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
unclear
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@evgenyz @matusmarhefka @GhostRock37