Nessus ssh_cmd() fix?

I think I’ve found the main source of the PS1 problem with Nessus’ ssh_cmd(); it would seem it doesn’t like ksh, as it produces something like the following in the report output, which appears to be due to PS1 being set to “$ “:

    Last login: Fri Dec 3 11:08:43 2010 from 192.168.1.2
    $
    $

If you change the login user’s shell to bash, the problem goes away (as long as PS1 ends with $, %, # or >), although I guess it’s possible that if the bash prompt was set to just “$ ” instead of the usual “-bash-3.

OpenVAS

I’m getting fed up with Nessus 4.2.2/4.4.0 and its HTTPS timeouts, crap SSH banner handling (the $PS1/last bug) and closed-source nature, meaning that we can’t use certain Linux distros any more; and the fact that it uses Flash 10 means we can’t use it over Citrix. So I thought I’d give OpenVAS a try. Well, all I can say is come back Nessus, all is forgiven! For an open-source platform, OpenVAS really sucks as far as documentation and packaging go.

New F14 RPMs

I’ve patched and built 64-bit Fedora 14 RPMs for John the Ripper (the password cracker) here and rain (the packet crafter) here. The JtR package includes the recent patches for Generic Salted SHA-1 and Netscreen, as well as the usual Jumbo-7 patch.

Update: As the SHA1/Netscreen patches have been merged into the Jumbo-9 patch, I’ve updated the John 1.7.6-3 RPMs to just apply Jumbo-9 to a vanilla 1.7.6.

Update 2: I’ve just built Back In Time v1.

Fedora 14 Upgrade

I used a slightly modified version of my instructions in this earlier post to upgrade my laptop from Fedora 13 to 14 today, without using a DVD drive or USB key etc. Basically I PXE-booted over the network and did a DVD upgrade using an NFS-mounted ISO image. Last time I did this for F13 I used the yum method, which caused something like 3Gb to be downloaded and took overnight.

SSH VPN

I’ve been experimenting with using SSH as a VPN. That is to say, not just tunnelling a single port but forwarding all traffic through the remote host like a router. I’ve pulled together instructions from here and here and have this:

Enable root SSH with keys and allow tunnelling on the remote machine in /etc/ssh/sshd_config:

    PermitTunnel yes
    PermitRootLogin without-password

Generate root SSH keys on the local machine and copy the public one to the remote machine:

    ssh-keygen -t rsa
    scp id_rsa.