SSH Authentication - Target Priority Lists

Summary

Tenable is updating many of their products to allow specific hostnames and IP addresses to be indicated for specific SSH credentials. Some customers wish to have numerous SSH credentials in a specific scan policy, against several target devices. Because of the way our SSH credential attempts were previously structured, they would each be tried in turn until a successful authentication with a credential was discovered. We have added a new field in SSH credentials for Nessus, T.io, and similar products (T.sc will add this later): a "Targets to prioritize credentials" field.

Impact

Any SSH credential may have a list of specific hostnames or IPs (comma or space separated) entered in this field. If any of the scan targets match a hostname or IP address within that field, then that credential will be bumped to the front of the list of credentials tried. If you have 100 credentials specified, and the successful one for a given target is the 59th set, but that credential has the target machine's hostname or IP in the targets “Targets to prioritize credentials" field, then that credential will be tried in front of every other credential that does not have that hostname or IP in that field. It could be the 59th credential specified, but it will be one of the first SSH credentials attempted against that target machine.

This will save customers a lot of time if they would like credentials that they know work against a target machine to be attempted first for that machine.

This feature will be available on any Tenable product that ties credentials to a specific scan policy. Products where the credentials can exist separately to the scan policy (T.sc) will have this feature implemented for those non-policy-attached credentials at a later time.

Changes

Any customers who have several SSH credentials and several scan targets in a single scan policy should consider entering the correct hostnames and IPs for their target machines into the appropriate SSH credential's "Targets to prioritize credentials" field to optimize their scans and make them run faster.

Target Release Date

Immediate