Automatically accept SSH disclaimers

Summary

A new UI setting is being made available, allowing customers to indicate that Tenable products are permitted to accept disclaimers on their behalf when SSH connections require user input for disclaimer agreement.

Change

A new Advanced policy setting for scans in Nessus, T.io, and T.sc named "Automatically accept detected SSH disclaimer prompts" is being added. This allows customers connecting to devices which require text input to agree to a disclaimer, such as FortiOS, to authorize Tenable products to supply the necessary responses to those disclaimers. By default this setting is not enabled.

Without the setting enabled, credentialed scans on products with a disclaimer will produce an error. If Nessus identifies the presence of a FortiOS post-login disclaimer blocking the scan this error will be reported in the output of 97993:

“Local security checks have been disabled because a FortiOS disclaimer prompt has been detected in the response to an SSH connection, but the setting for permitting this Tenable product to accept the disclaimer has not been enabled or did not function correctly. You must manually enable this setting in your scan policy, which indicates your permission and consent for this Tenable product to connect to this system and accept the disclaimer.”

With the setting enabled, the Nessus scanner will provide the necessary output to accept the disclaimer and continue the scan.

Impact

Customers running FortiOS with a post-login banner can complete scans of those devices using the new setting.

Plugins

97993 - OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library)

Target Release Date

31 August 2020