topic Re: Trusted system Telnet access in Operating System - HP-UX

Trusted system Telnet access

uspfoms — Mon, 29 Oct 2007 16:59:47 GMT

HP unix 11i converted to trusted system, now I can not logon with Telnet. Does trusting a system stop all telnet access to it if so can it be turned back on a trusted system?

Re: Trusted system Telnet access

David Bellamy — Mon, 29 Oct 2007 17:08:25 GMT

Yes telnet will still work.

Re: Trusted system Telnet access

Fabian Briseño — Mon, 29 Oct 2007 17:18:19 GMT

Hello uspforms.
This should not affect telnet access,

check /etc/inetd.conf and see if telnet if checked if it is uncomment it.

Re: Trusted system Telnet access

Fabian Briseño — Mon, 29 Oct 2007 17:20:39 GMT

Also I forgot to mention you need to restart Inetd after you modify it in order for chnages to take place.

# inetd -c

Re: Trusted system Telnet access

Tor-Arne Nostdal — Wed, 31 Oct 2007 14:23:44 GMT

You can use telnet in a trusted system - but then again, it would be better to not use it ;-)

Also check the file inetd.sec (see man inetd.sec)

Here you can customize the security for programs invoked via inetd.

If you use telnet I would propose that you restrict it to only be allowed within a secure "zone" (ex. LAN not WAN).

HP-UX still have several defaults which is considered insecure. You might have to harden the security for HP-UX's, while you might spend more time on opening a Linux system...

Search for "HP-UX Bastion host" if you want to read more on hardening HP-UX. (Bastion ~= Fortress)

/Tor-Arne

Re: Trusted system Telnet access

A. Clay Stephenson — Wed, 31 Oct 2007 14:38:31 GMT

What may have happened when you converted to trusted was that all the passwords expired. Do a /usr/lbin/modprpw -k user and see if "user" can now login.

Re: Trusted system Telnet access

Roberto Arias — Tue, 08 Jan 2008 15:26:10 GMT

Hi all:

please copy the error. Is in the login access, password...?

YOu can ckeck unconverting system and configuring policy of C2 before convert

Re: Trusted system Telnet access

Bill Hassell — Tue, 08 Jan 2008 18:12:04 GMT

> now I can not logon with Telnet

This is far too vague to be useful. Do you see anything at all when you start telnet? It should show you the contents of the /etc/issue file before it asks for a login. If not, does it say: connection refused, or connection closed, or does it simply timeout with nothing at all shown on your screen?

If you get a login request, does it close the connection before you get a password request? If you can type the correct password, is the password more than 8 characters long?

And finally, did you convert to Trusted with SAM or simply run the tsconvert command? tsconvert will indeed expire *all* user accounts. Root can still login at the system console where you can reset the expired accounts with modprpw as mentioned before.