ssh host-keys not shown correctly #2105

Closed
lmm-git opened this issue Aug 16, 2020 · 1 comment
@lmm-git lmm-git commented Aug 16, 2020

Describe the bug
The NSE script ssh-hostkey seems to not produce any results on recent Debian-based distributions (as scan target), although ssh-keyscan is producing correct results.

To Reproduce
nmap -p 22 -script ssh-hostkey vpn.iwt.rechenknecht.net is showing no results. Server is running unmodified versions of OpenSSH on Ubuntu 20.04.

nmap -p 22 -script ssh-hostkey jitsi.giz.berlin is producing correct results as expected. This server is running Ubuntu 18.04.

On both servers, ssh-keyscan is producing results as expected. Also both SSH-Servers are working as expected (login possible).

Expected behavior
For the first command I expect an output like this:

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-16 10:14 CEST
Nmap scan report for jitsi.giz.berlin (78.47.228.243)
Host is up (0.031s latency).
Other addresses for jitsi.giz.berlin (not scanned): 2a01:4f8:c0c:6a38::1

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: 
|   2048 98:a2:b2:a5:16:76:8f:e1:ee:a3:bc:1d:29:1e:f7:12 (RSA)
|   256 bd:b2:97:8a:a0:3d:36:3b:b9:0e:61:40:13:e6:26:30 (ECDSA)
|_  256 8d:ea:4c:41:6c:e7:20:bd:42:0b:a8:fc:c9:15:2a:1f (EdDSA)

Nmap done: 1 IP address (1 host up) scanned in 1.61 seconds

but am getting this:

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-16 10:14 CEST
Nmap scan report for vpn-01.cnr.marschke.me (168.119.53.147)
Host is up (0.032s latency).
Other addresses for vpn-01.cnr.marschke.me (not scanned): 2a01:4f8:c17:e31d::1
rDNS record for 168.119.53.147: static.147.53.119.168.clients.your-server.de

PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 1.46 seconds

Version info (please complete the following information):

  • OS: Ubuntu 20.04, Debian 10 (as scan target)
  • Scanning-OS: Kali Linux (latest updates installed as of 16th August)

Additional context
Tested with nmap 7.60 as well.

@lmm-git lmm-git added the Nmap label Aug 16, 2020
@nnposter nnposter self-assigned this Aug 16, 2020
@nnposter nnposter added bug NSE and removed Nmap labels Aug 16, 2020
@nnposter nnposter commented Aug 16, 2020

Thank you for reporting the issue. There was a bug in the library nselib/ssh2.lua that was causing the code to come to an incorrect conclusion about which key exchange algorithm should be used.

A fix has been committed as r37977. Please try again after refreshing this file from SVN or GitHub.

@nmap-bot nmap-bot closed this in 2e01029 Aug 16, 2020
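
The report uses ssh-keyscan as the reference when ssh-hostkey prints nothing. As an added example (not code from the issue or from Nmap), the Python below converts ssh-keyscan-style lines into the `bits fingerprint (type)` form seen in the ssh-hostkey output above, so the two tools can be compared line by line. The sample keys and the host name `host.example` are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def _read_string(blob, off):
    """Read one RFC 4251 'string': uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_bits(blob):
    """Return (key type, size in bits) for RSA, Ed25519 and ECDSA blobs."""
    raw_type, off = _read_string(blob, 0)
    ktype = raw_type.decode("ascii")
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent
        n, off = _read_string(blob, off)       # modulus, mpint encoded
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-ed25519":
        return ktype, 256
    if ktype.startswith("ecdsa-sha2-nistp"):
        return ktype, int(ktype[len("ecdsa-sha2-nistp"):])
    return ktype, None                         # unknown type: size not derived

def fingerprint_line(keyscan_line):
    """Map one 'host keytype base64' line to (bits, MD5 fingerprint, type)."""
    fields = keyscan_line.split()
    if len(fields) < 3 or fields[0].startswith("#"):
        raise ValueError("not a host key line")
    blob = base64.b64decode(fields[2], validate=True)
    ktype, bits = key_bits(blob)
    digest = hashlib.md5(blob).hexdigest()     # MD5 over the raw key blob
    fp = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return bits, fp, ktype

def _s(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample keys (not real host keys): a 2048-bit RSA modulus
# with the mpint leading zero byte, and a 32-byte Ed25519 public key.
RSA_N = ((1 << 2047) | 1).to_bytes(257, "big")
SAMPLE_BLOBS = [_s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(RSA_N),
                _s(b"ssh-ed25519") + _s(bytes(range(32)))]
SAMPLE_LINES = ["host.example %s %s" % (key_bits(b)[0],
                base64.b64encode(b).decode()) for b in SAMPLE_BLOBS]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print("%s %s (%s)" % fingerprint_line(line))
```

A key that ssh-keyscan returns but that has no matching line in the ssh-hostkey output is the symptom described in this issue.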