OpenVAS Change Request #54: Improve SSH Support

Status: Voted +4. In progress.



Improve SSH support in OpenVAS Libraries by using an existing SSH library.


The current support for SSH connections in OpenVAS is split between OpenVAS Libraries, which supplies basic cryptographic functions with the help of the GnuTLS library, and NASL libraries like ssh_func.inc, which provide functionality for establishing an SSH connection through a network socket.

This implementation has a number of drawbacks:

This change request proposes establishing alternative SSH functionality that will be compatible with the current implementation from an NVT point of view and will ultimately replace the current implementation.

The most promising approach to providing alternative SSH functionality is to use an existing, well-maintained library. Early tests with libssh2 have shown good results.


A major effect of this change would be an increase in compatibility with SSH targets and more reliable SSH functionality.

A side effect would be adding one more dependency to OpenVAS Libraries and a future loss of functionality for systems not able to provide this dependency. However, the current versions of all major GNU/Linux distributions provide this dependency.

Design and Implementation

A first step will be adding a new set of NASL commands which access the SSH functionality provided by the SSH library instead of using the current implementation. NVTs can then decide on the NASL level which implementation they wish to use.