Connection Types

Before being able to talk to a remote GMP or OSP server using one of the provided command line clients, the user has to choose a connection type for establishing a communication channel. Currently three different connection types are supported for being used as transport protocol:

  • TLS – tls

  • SSH – ssh

  • Unix Domain Socket – socket

For the most common use case (querying gvmd via GMP on the same host) the socket connection should be chosen. The other connection types require some setup and possible adjustments at the server side, if no Greenbone OS based system is used.

Using a Unix Domain Socket

The Unix Domain Socket is the default connection type of gvmd in the Greenbone Community Edition. It is only usable when running the client tool on the same host as the daemon.

The location and name of the Unix Domain Socket provided by gvmd highly depends on the environment and Greenbone Community Edition installation.

For current releases of the Greenbone Community Edition 21.4 and 22.4 the socket should be found at /run/gvmd/gvmd.sock.

For GOS 4 the path is either /run/openvas/openvasmd.sock or /usr/share/openvas/gsa/classic/openvasmd.sock and for GOS 5 and later the path is either /run/gvm/gvmd.sock or /usr/share/gvm/gsad/web/gvmd.sock.

OSPd based scanners may be accessed via Unix Domain Sockets as well. The location and name of these sockets is configurable and depends on the used OSPd scanner implementation.

Warning

Accessing a Unix Domain Socket requires sufficient Unix file permissions for the user running the command line interface tool.

Please do not start a tool as root user via sudo or su only to be able to access the socket path. Instead, adjust the socket file permissions, e.g. by setting the --listen-owner, --listen-group or --listen-mode arguments of gvmd.

Using TLS

The TLS connection type was the default connection type for remote and local communication in GOS 3.1 and before. It is used to secure the transport protocol connection of GMP or OSP. It requires to provide a TLS certificate file, TLS key file and TLS certificate authority file.

Using SSH

Since GOS 4, SSH is the default connection type for secure remote communication with the manager daemon via GMP. The Greenbone Management Protocol is tunneled through SSH and forwarded to gvmd.