Overview
You are using LanGuard to scan and patch Linux computers, and scanning and remediation jobs are failing with error "Error connecting to SSH: 0(The operation completed successfully)." All required ports (22) to the client machines are open.
Solution
Most commonly, the error above is caused by the necessary requirements not being met, connection timeout, an application (often firewall) blocking the connection, an incorrect port being used, or environmental issues.
- Ensure that your LanGuard server is Upgraded to the latest version.
- Verify whether the distribution and version are supported and ensure the requirements are met following the Requirements to Scan and Patch Linux Computers with LanGuard article.
- Please create a new scanning profile for the Linux with only the necessary checks and high SSH timeout, and use it during the scans on the Linux targets.
- If using an account other than the root, try scanning with the root account to ensure it is not a permissions problem as follows:
- In the LanGuard console Scan tab, click the Scan Options... and un-check the option to Use per computer credentials when available.
- Scan Target should be set to the IP Address of the target machine.
- Select Alternative credentials.
- Use root as the Username.
The "Use per computer credentials when available" setting will cause LanGuard to use the settings from the Dashboard > <Host_Name> properties > Credentials section.
- If the above settings fail, use Putty to connect to the target machine using the root account to verify that you can actually connect. If you cannot, address the environment security settings blocking the connection with the help of your security team.
Repeat the failing operation. If the error is still there, this is an environmental issue. For example, authentication problem, NSLOOKUP resolution providing the results from a round robin of different names, custom settings on the Linux machine.
The logs located in %Data%\GFI\LanGuard 12\DebugLogs\ directory, lanss_vxxx_sshrunner.csv and lanss_vxxx_securityscanner.csv (for scanning) in particular, can help to find out the root cause. For example, a clear indicator for an authentication issue with the credentials used would be the following record in the lanss_vxxx_sshrunner.csv log:
... "warning","Srunner","Authentication failed"
Testing
Once the root cause is resolved, repeat the failing operation. If the issue persists, contact GFI LanGuard Support.