Nessus Adds EC25519 Support for SSH Local Checks

Summary

SSH local checks in the Nessus now support the lightweight and secure 25519 elliptic curve. This support includes all standard uses of the 25519 curve including host signature validation, authenticating clients to hosts, hosts to clients and Diffie-Hellman generation of shared secret keys for over the wire encryption.

Notes

All aspects of curve 25519 support for SSH in Nessus require Nessus 10.4 or higher. Key exchange using curve 25519 requires Nessus 10.5 or higher

EC25519 keys for hosts and users must be created using the OpenSSH keygen tool. They must also be PEM formatted. The actual binary format of these keys is not PEM, however. It is an OpenSSH proprietary format that mimics the outward appearance of traditional PEM formatted keys by being base64 encoded and bounded by a text header and footer.

Example

The following command demonstrates the creation of an EC25519 public/private keypair for use in Nessus public key authentication:

ssh-keygen -t ed25519 -m pem -f my_25519_ssh_keypair

Target Release Date

February 20, 2023