topic Re: Another telnet problem: single user not able to authenticate. in Operating System - HP-UX

Another telnet problem: single user not able to authenticate.

Kristopher March — Fri, 31 Jan 2003 20:17:15 GMT

HP-UX 11.00 V-Class
Plenty of RAM and processors.

Having a problem with telnet. Here's a little background.

Decided to test a few things: One, we modified our hosts.allow file to retrict a certain machine from using the telnet service.
Entry looked like the following:

telnetd :DENY IP ADDRESS (first line in file)

after the change I did a /usr/sbin/inetd -c

Telnet was denied from that machine, which is what we wanted to see.

Two, I reversed the operation and enabled that IP address to come in. (removed above said line, completely)

I did another /usr/sbin/inetd -c

User tried to log on machine; it failed after typing in his CORRECT password. I also tried from his machine and it let me in.
Now /etc/hosts.allow is set to allow all telnet from the subnet he is located on.
Three, I've checked everything I can think of:
/var/adm/inetd.sec looks fine and no mention of restricting telnet. I do have echo and chargen set to deny in that file, for what its worth.
"netstat -a" shows me that telnet is listening.
Said user's shell is listed in /etc/shells file

There doesn't seem to be a problem with the telnet kernel parameters either. We only have, at the most, 1 or 2 telnet users coming into the box. Must of us use ssh to come in.

Additionally, his telnet connection is being logged. But no errors are produced. User cannot log in from other workstation to server, either. It's a strange problem and I've run out of things to check.

Re: Another telnet problem: single user not able to authenticate.

Jeff Schussele — Fri, 31 Jan 2003 20:22:56 GMT

Hi Kristopher,

1)Check that user's shell definition in the /etc/passwd file.

2) Run pwck to verify the integrity of the passwd file

Has to be user specific.

Rgds,
Jeff

Re: Another telnet problem: single user not able to authenticate.

Kristopher March — Fri, 31 Jan 2003 20:27:29 GMT

Jeff;

Just ran the pwck utility and the passwd file checked out fine. So does the users entry in the passwd file. His shell is: /usr/bin/sh

Any other ideas?

Re: Another telnet problem: single user not able to authenticate.

Jeff Schussele — Fri, 31 Jan 2003 20:36:33 GMT

Ok...
What message do you receive on the workstation?

Are you running SSH on this system?

Run inetd -l to turn up the logging level & try again.

Don't forget to turn it off (inetd -c) after checking as it'll really fill syslog.log

Jeff

Re: Another telnet problem: single user not able to authenticate.

Kristopher March — Fri, 31 Jan 2003 20:43:12 GMT

On the workstation, the user is able to connect in, enter username/passwd and then it acts like his password is not valid/correct.

Logging had already been on so I see him connnect and then nothing else in the log.

The machine has also been rebooted, but not a result of this.

Yes, we are running ssh. The sshd2_config was modified to restrict his username. But I reversed all that. And anytime I make a change to the ssh config files, I issue a kill -HUP on the pid file. He is able to ssh in. This was all done before the reboot.

Re: Another telnet problem: single user not able to authenticate.

Kristopher March — Fri, 31 Jan 2003 20:44:32 GMT

"Login incorrect" is the message he gets. The user is typing in the correct passwd, or else he wouldn't be able to connect in with ssh.

Re: Another telnet problem: single user not able to authenticate.

GIRIJA SWAIN — Fri, 31 Jan 2003 20:44:53 GMT

Hi Just check the entry in . You can open a seassion by "#tail -f /var/adm/syslog/syslog.log" and then try to telnet from that subnet. You will find some error and find out from there. Ensure your telnet requests are getting in to the target server.

Re: Another telnet problem: single user not able to authenticate.

Kristopher March — Fri, 31 Jan 2003 20:45:55 GMT

Yes, telnet connections are being logged. I can see them.

Re: Another telnet problem: single user not able to authenticate.

Jeff Schussele — Fri, 31 Jan 2003 20:57:55 GMT

Well, let's see.
If you're using hosts.allow then you're using tcpwrapper - correct?

What's in the hosts.deny file?

What does tcpdchk return?

If all else checks out - try setting a new PW for that user.

Rgds,
Jeff

Re: Another telnet problem: single user not able to authenticate.

Kristopher March — Fri, 31 Jan 2003 21:26:59 GMT

No hosts.deny file exists.

Don't have tcpdchk on machine.

I'll have the user reset his passwd to something else. Let you know what happens.
thanks so far.

Re: Another telnet problem: single user not able to authenticate.

Artyom Voronchihin — Sat, 01 Feb 2003 11:59:38 GMT

Hello !
It's silly idea, but such behaviour of login happens when user is trying to login with UID 0, /etc/securetty file exist and does not contain record about tty which use for the telnet connection.