"Interrupted at 2 %" when using credentialed scans and behind a proxy

[huornlmj]

Expected behavior

The scanner should have been able to log into the remote Linux server via SSH with the credentials provided and perform an internal scan of the target.

Actual behavior

The scan failed with the message "Interrupted at 2 %".

Steps to reproduce

1. Create a credential in GVM using the user & SSH key option, generated by GVM.
2. Upload the public key to /home/$user/.ssh/authorized_keys
3. Configure the target with the SSH credential and create a scan task of the target.
4. Run the scan, observe the error.
5. To confirm it's related to authentication, re-create the same target but this time with no credential and run the scan.
6. Observe it scans to completion with no errors, but with no internal credentialed scan.
7. The issue also happens if you use a user & password combination.

GVM versions

Whatever versions come with https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml
gsa: (gsad --version)

gvm: (gvmd --version)

openvas-scanner: (openvas --version)

gvm-libs:

Environment

Operating system:
Ubuntu 22.04.4 LTS \n \l

Installation method / source: (packages, source installation)
Dockerfile
https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml

Logfiles

event task:MESSAGE:2024-08-21 16h44.31 utc:1734: Status of task x.x.x.x (f852374b-fb29-4fec-87c1-7514190ba5ca) has changed to Running
event task:MESSAGE:2024-08-21 16h50.16 utc:1734: Status of task x.x.x.x (f852374b-fb29-4fec-87c1-7514190ba5ca) has changed to Interrupted

** UPDATE ** - It appears that openvas container attempts to access http://openvasd/notus/ubuntu_22.04 but as my scanner is located behind a proxy, it is trying to send this request out via proxy, and the proxy server is returning with an error "504 DNS look up failed", obviously because it is being asked to serve a HTTP request for a single host name only, with no domain. Why is the openvas scanner a. trying to reach "http://openvasd/notus/ubuntu_22.04" via proxy , and only when b. the scan is configured to use a credential??

Updated logs:

greenbone-community-edition-openvas-1              | libgvm util:  DEBUG:2024-08-21 19h28.32 utc:3302: get_redis_ctx: connected to redis:///run/redis/redis.sock/3
greenbone-community-edition-openvas-1              | libgvm util:  DEBUG:2024-08-21 19h28.32 utc:3302: get_redis_ctx: connected to redis:///run/redis/redis.sock/3
greenbone-community-edition-openvas-1              | libgvm util:  DEBUG:2024-08-21 19h28.32 utc:3302: get_redis_ctx: connected to redis:///run/redis/redis.sock/3
greenbone-community-edition-openvas-1              | libgvm util:  DEBUG:2024-08-21 19h28.32 utc:3302: get_redis_ctx: connected to redis:///run/redis/redis.sock/3
greenbone-community-edition-openvas-1              | libgvm util:  DEBUG:2024-08-21 19h28.32 utc:3302: get_redis_ctx: connected to redis:///run/redis/redis.sock/3
greenbone-community-edition-openvas-1              | lib  misc:MESSAGE:2024-08-21 19h28.32 utc:3302: Running Notus for REDACTED-IP via openvasd
greenbone-community-edition-openvas-1              | lib  misc:  DEBUG:2024-08-21 19h28.32 utc:3302: send_request: URL: http://openvasd:80/notus/ubuntu_22.04
greenbone-community-edition-openvas-1              | lib  misc:  DEBUG:2024-08-21 19h28.33 utc:3302: Server response <!-- IE friendly error message walkround.
greenbone-community-edition-openvas-1              |      if error message from server is less than
greenbone-community-edition-openvas-1              |      512 bytes IE v5+ will use its own error
greenbone-community-edition-openvas-1              |      message instead of the one returned by
greenbone-community-edition-openvas-1              |      server.                                 -->
greenbone-community-edition-openvas-1              |
greenbone-community-edition-openvas-1              |
greenbone-community-edition-openvas-1              |
greenbone-community-edition-openvas-1              |
greenbone-community-edition-openvas-1              |
greenbone-community-edition-openvas-1              |
greenbone-community-edition-openvas-1              | <!DOCTYPE html><html lang="en"> <head> REDACTED HTML CONTENT OF PROXY SERVER REPORTING THE 504 DNS ERROR </html>
greenbone-community-edition-openvas-1              | lib  misc:MESSAGE:2024-08-21 19h28.33 utc:3302: Errror parsing
greenbone-community-edition-openvas-1              | lib  misc:MESSAGE:2024-08-21 19h28.33 utc:3302: No es un object
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: SIGSEGV occurred!
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(sighand_segv+0x28) [0x560f2aeac818]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: /lib/x86_64-linux-gnu/libc.so.6(+0x3c050) [0x7f6dbc355050]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: /usr/local/lib/libopenvas_misc.so.23(run_table_driven_lsc+0x674) [0x7f6dbc87e054]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(+0x5eb8) [0x560f2aea4eb8]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(+0x67f1) [0x560f2aea57f1]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(+0x72f0) [0x560f2aea62f0]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: /usr/local/lib/libopenvas_misc.so.23(ipc_exec_as_process+0x8a) [0x7f6dbc87f21a]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(create_ipc_process+0x109) [0x560f2aeac589]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(attack_network+0x967) [0x560f2aea6e87]
greenbone-community-edition-openvas-1              | sd   main:WARNING:2024-08-21 19h28.33 utc:3302: openvas: openvas: testing REDACTED-IP(openvas+0x527) [0x560f2aea8f17]
greenbone-community-edition-openvas-1              | sd   main:  DEBUG:2024-08-21 19h28.33 utc:3293: waitpid() failed. No child processes)
greenbone-community-edition-openvas-1              | libgvm util:  DEBUG:2024-08-21 19h28.33 utc:3293: redis_delete_all: deleting all elements from KB #4
greenbone-community-edition-openvas-1              | sd   main:  DEBUG:2024-08-21 19h28.33 utc:3293: Test complete
greenbone-community-edition-openvas-1              | sd   main:  DEBUG:2024-08-21 19h28.33 utc:3293: attack_network: free alive detection data
greenbone-community-edition-openvas-1              | sd   main:  DEBUG:2024-08-21 19h28.33 utc:3293: attack_network: waiting for alive detection thread to be finished...
greenbone-community-edition-openvas-1              | sd   main:  DEBUG:2024-08-21 19h28.33 utc:3293: attack_network: Finished waiting for alive detection thread.
greenbone-community-edition-openvas-1              | sd   main:MESSAGE:2024-08-21 19h28.33 utc:3293: Vulnerability scan e05ff5b9-bd69-4e48-b157-a5899256373b finished in 149 seconds: 1 alive hosts of 1
greenbone-community-edition-openvas-1              | GLib:UNKNOWN:2024-08-21 19h28.33 utc:3293: ../../../glib/gmem.c:169: failed to allocate 11827893825724 bytes
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:35,478: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Host scan finished.
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:35,480: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Host scan got interrupted. Progress: 2, Status: RUNNING
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:35,481: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan interrupted.
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,757: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan process is dead and its progress is 2
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,758: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan interrupted.
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,760: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan process is dead and its progress is 2
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,761: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan interrupted.
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,774: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan process is dead and its progress is 2
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,775: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan interrupted.
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,786: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan process is dead and its progress is 2
greenbone-community-edition-ospd-openvas-1         | OSPD[7] 2024-08-21 19:28:37,786: INFO: (ospd.ospd) e05ff5b9-bd69-4e48-b157-a5899256373b: Scan interrupted.
greenbone-community-edition-gvmd-1                 | event task:MESSAGE:2024-08-21 19h28.37 utc:5064: Status of task REDACTED-IP (006e17b9-4e97-48d5-8527-3f4b9beda193) has changed to Interrupted

I have a temporary bodge-style workaround that requires me to manually add openvasd to the $no_proxy environmental variable.

Edit your ~/.docker/config.json file and add the following before building with the GVM Dockerfile:

"proxies": {
                "default": {
                        "httpProxy": "http://proxy:80",
                        "httpsProxy": "http://proxy:80",
                        "noProxy": "localhost,127.0.0.1,openvasd"
                }
        }