Trouble Scanning Cisco 1300 Series with Nessus: Seeking Solutions

Asked By TechieLlama42 On

I'm running into issues while trying to perform a credentialed scan on a Cisco 1300 series switch using Nessus. I've configured everything to use SSH, but I keep encountering authentication failures. After checking the debug logs, here's the gist of what I'm seeing: I've already changed the network discovery settings in Nessus, disabled unnecessary plugins, and verified my SSH credentials. I've tried both with and without the 'enable' mode, and even updated the switch's firmware to resolve a known bug regarding KEX with SSH. Despite all this, the scan still fails to authenticate. I'm seeking any tips or alternative methods that might help us troubleshoot or work around this problem!

2 Answers

Answered By PacketWhisperer77 On

Since you've updated the firmware on the switch, you might be overlooking something if you think the KEX issue isn't the culprit. The fact that you're receiving timeout messages instead of a direct failure could indicate interference, perhaps from a firewall or malicious packet alteration. Also, check whether a reboot might be necessary post-firmware update; sometimes, it helps clear lingering issues.

TechieLlama42 -

I've confirmed there's no firewall impacting the connection and that the firmware is indeed updated. I might try a reboot, but SSH works from other devices, including from the Nessus server itself; so I suspect something's off with the Nessus configuration.

CiscoGuruX -

If rebooting doesn't do the trick, it might be worth investigating if there are any known SSH bugs with your specific version of Nessus.

Answered By NetworkNinja88 On

It sounds like you might be facing an SSH version mismatch between your Nessus client and the switch. It's possible that the two aren't able to negotiate, depending on how old or new either one is. Without actual logs, it's tough to nail it down, but pasting in similar logs doesn't really give the full picture.

DebuggingDude91 -

I see what you mean, but these logs come straight from my Nessus debug plugin outputs.

SilentEcho302 -

If they're timing out during the Key Exchange, I can see how that's frustrating. I'm considering switching to SNMP or using key pairs, but SSH seems like the easiest route! Let's keep exploring SSH first.
