Nmap ssh-publickey-acceptance NSE Script


This page contains detailed information about how to use the ssh-publickey-acceptance NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/ssh-publickey-acceptance.nse
Script categories: auth, intrusive
Target service / protocol: ssh
Target network port(s): 22
List of CVEs: -

Script Description


The ssh-publickey-acceptance.nse script takes tables of private keys (with their passphrases) or public keys, plus a table of usernames, and tries every key against every username to see whether the target SSH server would accept that key for publickey authentication. If no keys are given, or the knownbad option is set, the script instead checks whether the known-bad static public keys from its publickeydb are accepted for authentication.
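A check with only public keys (or a list of known-bad keys) is possible because RFC 4252 section 7 lets a client ask whether a key would be accepted before signing anything: it sends SSH_MSG_USERAUTH_REQUEST for method "publickey" with the signature flag FALSE, and the server answers SSH_MSG_USERAUTH_PK_OK if that key is authorized for that user. The following is an added example (not code from the Nmap script or from this page) that builds and decodes that query and runs it against a stand-in server; the ed25519 demo key and the server side are constructed for the example and are not a real key or a real server.

```python
# Added example, not part of Nmap: the RFC 4252 s7 public-key query.
# A client offers a public key with signature flag FALSE; the server answers
# SSH_MSG_USERAUTH_PK_OK when it would accept that key for that user, so
# acceptance can be probed without ever holding the private key.
import base64
import struct

SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_PK_OK = 60


def _string(data: bytes) -> bytes:
    """RFC 4251 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, off: int):
    """Read one RFC 4251 'string' at offset off; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def parse_openssh_pubkey(line: str):
    """Parse an authorized_keys-style line into (algorithm, wire key blob)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    algo, blob = parts[0], base64.b64decode(parts[1])
    blob_algo, _ = _read_string(blob, 0)  # blob starts with the algorithm name
    if blob_algo != algo.encode():
        raise ValueError("algorithm name mismatch")
    return algo, blob


def build_publickey_query(username: str, algo: str, blob: bytes) -> bytes:
    """SSH_MSG_USERAUTH_REQUEST with the signature-present flag set to FALSE."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + _string(username.encode())
            + _string(b"ssh-connection")
            + _string(b"publickey")
            + b"\x00"                      # boolean FALSE: query only, no signature
            + _string(algo.encode())
            + _string(blob))


def decode_publickey_query(msg: bytes) -> dict:
    """Decode the request above (what the server side sees)."""
    if not msg or msg[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, off = _read_string(msg, 1)
    service, off = _read_string(msg, off)
    method, off = _read_string(msg, off)
    if method != b"publickey":
        raise ValueError("not a publickey request")
    has_sig = msg[off] != 0
    algo, off = _read_string(msg, off + 1)
    blob, off = _read_string(msg, off)
    return {"username": user.decode(), "service": service.decode(),
            "has_signature": has_sig, "algorithm": algo.decode(), "blob": blob}


def fake_server_reply(query: bytes, authorized: set) -> bytes:
    """Constructed server stand-in; authorized is a set of (username, blob)."""
    q = decode_publickey_query(query)
    if (q["username"], q["blob"]) in authorized:
        return (bytes([SSH_MSG_USERAUTH_PK_OK])
                + _string(q["algorithm"].encode()) + _string(q["blob"]))
    # USERAUTH_FAILURE: name-list of methods that can continue, partial = FALSE
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + _string(b"publickey") + b"\x00"


def key_would_be_accepted(reply: bytes, algo: str, blob: bytes) -> bool:
    """True only for a PK_OK that echoes exactly the key that was offered."""
    if not reply:
        raise ValueError("empty reply")
    if reply[0] == SSH_MSG_USERAUTH_PK_OK:
        r_algo, off = _read_string(reply, 1)
        r_blob, _ = _read_string(reply, off)
        return r_algo == algo.encode() and r_blob == blob
    if reply[0] == SSH_MSG_USERAUTH_FAILURE:
        return False
    raise ValueError(f"unexpected message type {reply[0]}")


# Constructed demo key: a well-formed ssh-ed25519 blob with a dummy 32-byte point.
DEMO_BLOB = _string(b"ssh-ed25519") + _string(bytes(range(32)))
DEMO_KEY_LINE = "ssh-ed25519 " + base64.b64encode(DEMO_BLOB).decode() + " demo@example"


def probe(username: str, key_line: str, authorized: set) -> bool:
    """Full query/reply exchange against the stand-in for one user/key pair."""
    algo, blob = parse_openssh_pubkey(key_line)
    reply = fake_server_reply(build_publickey_query(username, algo, blob), authorized)
    return key_would_be_accepted(reply, algo, blob)


if __name__ == "__main__":
    authorized = {("root", DEMO_BLOB)}
    for user in ("root", "user"):
        print(user, "accepted" if probe(user, DEMO_KEY_LINE, authorized) else "rejected")
```

The script's output line "Key ./id_rsa1 accepted for user root" corresponds to the PK_OK branch above; a FAILURE reply for the same key against another user is the normal, silent case. On a real server the query is only meaningful after the transport and service request have completed, which the example leaves out.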

Ssh-publickey-acceptance NSE Script Arguments


This is a full list of arguments supported by the ssh-publickey-acceptance.nse script:

knownbad

If specified, check if keys from publickeydb are accepted

publickeydb

Specifies alternative publickeydb

ssh.passphrases

Table containing passphrases for each private key, matched to ssh.privatekeys by position

ssh.privatekeys

Table containing filenames of private keys to test

ssh.publickeys

Table containing filenames of public keys to test

ssh.usernames

Table containing usernames to check

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=ssh-publickey-acceptance --script-args knownbad=value,publickeydb=value <target>

Ssh-publickey-acceptance NSE Script Example Usage


Here's an example of how to use the ssh-publickey-acceptance.nse script:

nmap -p 22 --script ssh-publickey-acceptance --script-args "ssh.usernames={'root', 'user'}, ssh.privatekeys={'./id_rsa1', './id_rsa2'}"  <target>

nmap -p 22 --script ssh-publickey-acceptance --script-args 'ssh.usernames={"root", "user"}, ssh.publickeys={"./id_rsa1.pub", "./id_rsa2.pub"}'  <target>
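The examples above hand-write the Lua tables. When the key list comes from a tool or an inventory, the part worth getting right is the positional pairing: the script reads passphrases[i] for privatekeys[i] (falling back to ""), so a key without a passphrase still needs an empty slot in ssh.passphrases or later keys pick up the wrong passphrase. The following is an added example, not code from Nmap or this page, that builds the --script-args value from Python data and shell-quotes the command line; the argument names are the ones listed above, while the character restrictions it enforces are a conservative assumption about what Nmap's argument parser accepts.

```python
# Added example, not part of Nmap: assemble --script-args for
# ssh-publickey-acceptance with ssh.passphrases aligned to ssh.privatekeys.
# Assumption: values containing quotes, braces or commas are refused rather
# than escaped, because the escaping rules of the argument parser are not
# something this example relies on.
import shlex


def lua_table(values) -> str:
    """Render strings as a Lua table literal, e.g. {"root", "user"}."""
    for v in values:
        if any(c in v for c in '"{},'):
            raise ValueError(f"unsupported character in script argument: {v!r}")
    return "{" + ", ".join(f'"{v}"' for v in values) + "}"


def build_script_args(usernames, private_keys=(), public_keys=()) -> str:
    """usernames: list of str; private_keys: list of (path, passphrase or None);
    public_keys: list of paths. Returns the comma-separated --script-args value."""
    if not usernames:
        raise ValueError("at least one username is required")
    parts = ["ssh.usernames=" + lua_table(list(usernames))]
    if private_keys:
        parts.append("ssh.privatekeys=" + lua_table([p for p, _ in private_keys]))
        if any(pw for _, pw in private_keys):
            # Emit "" for keys without a passphrase so indexes stay aligned.
            parts.append("ssh.passphrases="
                         + lua_table([pw or "" for _, pw in private_keys]))
    if public_keys:
        parts.append("ssh.publickeys=" + lua_table(list(public_keys)))
    return ",".join(parts)


def nmap_command(target: str, script_args: str) -> str:
    """Quote the whole value once so the inner double quotes survive the shell."""
    return ("nmap -p 22 --script ssh-publickey-acceptance --script-args "
            + shlex.quote(script_args) + " " + shlex.quote(target))


if __name__ == "__main__":
    args = build_script_args(["root", "user"],
                             [("./id_rsa1", None), ("./id_rsa2", "s3cret")])
    print(nmap_command("203.0.113.10", args))  # 203.0.113.10 is a documentation address
```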

Ssh-publickey-acceptance NSE Script Example Output


Here's a sample output from the ssh-publickey-acceptance.nse script:

22/tcp open  ssh     syn-ack
| ssh-publickey-acceptance:
|   Accepted Public Keys:
|_    Key ./id_rsa1 accepted for user root

Ssh-publickey-acceptance NSE Script Example XML Output


There is no sample XML output for this module. However, with the -oX <file> option Nmap writes its XML output, including this script's results, to that file.

Author


  • Devin Bjelland

See Also


Visit Nmap NSE Library for more scripts.

Error Messages


The ssh-publickey-acceptance.nse script may fail with the following error messages. Check the possible causes against the snippets from the script source quoted below; this often helps identify the root cause. Note that these messages are emitted through stdnse.verbose or stdnse.debug, so they only appear when Nmap is run with -v or -d respectively.

Error reading key:


Here is the relevant code snippet (script lines 58-68) for the "Error reading key: " message, logged at verbose level when a file from ssh.publickeys cannot be read; the key is skipped and the loop continues:

    for j = 1, #usernames do
      for i = 1, #publickeys do
        stdnse.debug("Checking key: " .. publickeys[i] .. " for user " .. usernames[j])
        local status, result = helper:read_publickey(publickeys[i])
        if not status then
          stdnse.verbose("Error reading key: " .. result)
        elseif helper:connect(host, port) then
          successes = successes + 1
          local status, err = helper:publickey_canauth(usernames[j], result)
          if status then
            table.insert(r, "Key " .. publickeys[i] .. " accepted for user " .. usernames[j])

Error in publickey_canauth: %s


Here is the relevant code snippet (script lines 66-76) for the "Error in publickey_canauth: %s" message, logged at debug level when the public-key query itself errors rather than simply being rejected:

          local status, err = helper:publickey_canauth(usernames[j], result)
          if status then
            table.insert(r, "Key " .. publickeys[i] .. " accepted for user " .. usernames[j])
            stdnse.verbose("Found accepted key: " .. publickeys[i] .. " for user " .. usernames[j])
          elseif err then
            stdnse.debug("Error in publickey_canauth: %s", err)
          end
          helper:disconnect()
        else
          -- Allow 3 connection attempts, then bail
          failures = failures + 1

Connect failed.


Here is the relevant code snippet (script lines 72-82) for the "Connect failed." message. The script tolerates up to three failed connections; if none has succeeded by then it logs "Giving up." and returns nil, so the script produces no output at all. Run with -d to see these messages:

          end
          helper:disconnect()
        else
          -- Allow 3 connection attempts, then bail
          failures = failures + 1
          stdnse.debug1("Connect failed.")
          if failures > 2 then
            if successes == 0 then
              -- If we haven't succeeded even once, don't report results.
              stdnse.debug1("Giving up.")
              return nil

Connect failed.


Here is the second occurrence of the "Connect failed." message (script lines 108-118), with the same three-attempt logic:

        end
        helper:disconnect()
      else
        -- Allow 3 connection attempts, then bail
        failures = failures + 1
        stdnse.debug1("Connect failed.")
        if failures > 2 then
          if successes == 0 then
            -- If we haven't succeeded even once, don't report results.
            stdnse.debug1("Giving up.")
            return nil

Failed to authenticate


Here is the relevant code snippet (script lines 129-139) for the "Failed to authenticate" message, logged at verbose level on the private-key path when a full publickey authentication with privatekeys[i] and the matching passphrases[i] (or "" if none) is rejected:

      for i = 1, #privatekeys do
        stdnse.debug("Checking key: " .. privatekeys[i] .. " for user " .. usernames[j])
        if helper:connect(host, port) then
          successes = successes + 1
          if not helper:publickey_auth(usernames[j], privatekeys[i], passphrases[i] or "") then
            stdnse.verbose "Failed to authenticate"
          else
            table.insert(r, "Key " .. privatekeys[i] .. " accepted for user " .. usernames[j])
            stdnse.verbose("Found accepted key: " .. privatekeys[i] .. " for user " .. usernames[j])

          end

Connect failed.


Here is the third occurrence of the "Connect failed." message (script lines 139-149), on the private-key path, with the same three-attempt logic:

          end
          helper:disconnect()
        else
          -- Allow 3 connection attempts, then bail
          failures = failures + 1
          stdnse.debug1("Connect failed.")
          if failures > 2 then
            if successes == 0 then
              -- If we haven't succeeded even once, don't report results.
              stdnse.debug1("Giving up.")
              return nil

Version


This page has been created based on Nmap version 7.92.
