topic Re: Enable root login in Operating System - HP-UX

Enable root login

Jimmy Aulestia_2 — Fri, 01 Jul 2005 10:23:03 GMT

How i can enable root login in a hp-ux trusted system?

I need enable for a moment because i use the scanmaster progra that connect to the system with root account?

After tah use the scanmaster program, i need disable root login again.

Thanks

Re: Enable root login

RAC_1 — Fri, 01 Jul 2005 11:13:44 GMT

Enable root login?? You can not log in as root at the moment except on console?? If this is the case, check /etc/securetty file. It will have console in it. Remove/move it till you get your work done.

Anil

Re: Enable root login

Mel Burslan — Fri, 01 Jul 2005 11:16:16 GMT

I am hoping that you have something like sudo or powerbroker privileges to give you the root rights. If so, execute your flavor of authorization executable and obtain root privileges, change root's password assuming the account has been totally disabled and password is something no one remembers anymore, then execute the following commands to unlock and re-enable root account:

/usr/lbin/modprpw -l -m alock=NO root
/usr/lbin/modprpw -k root

when you are done using root, execute follwing command to diable the account.

/usr/bin/passwd -l root

If you do not have any account which will grant you root privileges, there is no other way to do this but rebooting/crashing the system and booting to single user mode (hopefully you did not enable root password at the single user level) and reset the password at this time.

HTH

Re: Enable root login

Jimmy Aulestia_2 — Fri, 01 Jul 2005 11:53:24 GMT

The problem is when i do telnet or ssh to the system, in this case i have to login with an normal user account and then in the operating system i use SU - to root login.

I need enable telnet or ssh with root account.

Please help, thank

Re: Enable root login

DCE — Fri, 01 Jul 2005 12:12:30 GMT

As Anil said, check to see if you have a file called /etc/securetty. If so, either modify it as he suggested, or temporarily rename it. That will take of the problem. The /etc/securetty file restricts where rot can login from

Dave

Re: Enable root login

Mel Burslan — Fri, 01 Jul 2005 12:49:26 GMT

I second or third the above opinion. you must have an /etc/securetty file in place with the content of one line saying

console

if you remove this file you should be able login as roon from any telnet/ssh connection.

to reinstate the root lockout from anywhere but the console, you just recreate the file

echo "console" > /etc/securetty
chmod 600 /etc/securetty

of course file should be owned by root:sys

Hope this helps

Re: Enable root login

Jimmy Aulestia_2 — Fri, 01 Jul 2005 13:07:35 GMT

[ECBPHCF1]:/etc>ls securetty
securetty not found
[ECBPHCF1]:/etc>ls sec*
sec* not found
[ECBPHCF1]:/etc>

There isn't securetty file

Re: Enable root login

DCE — Fri, 01 Jul 2005 13:29:32 GMT

You may have to look at roots properties in the trusted computer base

there are a couple of places to look:
/tcb/files/auth/system
/tcb/files/auth/r/root

Not sure on the exact path on the second listing, as my trusted system is down right now ( it is being relocated )

Re: Enable root login

Jimmy Aulestia_2 — Fri, 01 Jul 2005 14:12:00 GMT

In the /tcb/auth/files/* files i donÂ´t see nothing for enable root login in telnet/ssh

Any idea

Re: Enable root login

RAC_1 — Fri, 01 Jul 2005 14:17:45 GMT

When you try to login as root, what is the error message that you get?? Also what does yslog.log say for it??

Anil

Re: Enable root login

Jimmy Aulestia_2 — Fri, 01 Jul 2005 14:28:52 GMT

nothing, the ssh conexion finished. Whe a user normal acoount i can login.

Maybe is for the trusted system.

Re: Enable root login

Mel Burslan — Fri, 01 Jul 2005 18:11:31 GMT

Did you check the root's .profile or any of the .*rc files ? one of them may have an immediate exit command, upon interactive login detection. Very low level protection but it works if nobody cares to look at that, i.e., security by obscurity. Just a thought.

Re: Enable root login

Greg Vaidman — Fri, 01 Jul 2005 23:01:14 GMT

Not sure what the problem is with telnet, but you should be able to correct your ssh issue by adding the line "PermitRootLogin yes" in sshd_config, and restarting sshd.

Re: Enable root login

Devender Khatana — Sun, 03 Jul 2005 07:25:18 GMT

Hi,

I am also in the same issue in one of our servers. It is a non trusted system without securetty & I can not telnet , rlogin using root. Even on console I can not get in through root. After logging in through a normal user su or su - works fine. The problem is still being diagnosed & will let you know once resolved.

Regards,
Devender

Re: Enable root login

Devender Khatana — Mon, 04 Jul 2005 03:52:20 GMT

Hi,

We finally found it to be a very simple mistake. The root passwd has included a # symbol. As per the man page of passwd # and @ should not be included for passwords. The problems even got resolved by changing root password not to include a #.

See if you also have the similar situation.

HTH,
Devender

Re: Enable root login

Jimmy Aulestia_2 — Wed, 06 Jul 2005 16:08:09 GMT

My root passwdord don't have # or @.

How i can restart sshd?

There isn't sshd in the /sbin/init.d.

Re: Enable root login

Rick Garland — Wed, 06 Jul 2005 16:25:02 GMT

For root to login via telnet, locate the /etc/securetty file as described. Removed the CONSOLE entry.

For Secure Shell (ssh), there is a file called sshd_config. This can be located in /opt/ssh/etc/sshd_config.

In this file is a line that says PermitRootLogin - this value can be yes or no. If the value is no, root cannot login via ssh.

Change this value to yes and bounce the ssh process.

/sbin/init.d/secsh stop;/sbin/init.d/secsh start

or

kill /opt/ssh/sbin/sshd
/opt/ssh/sbin/sshd (this will start the ssh process)

NOTE: Locations of these files can vary depending on if you are using the HP version of ssh or the shareware version of ssh.

In either case the methods are the same to allow for root logins via ssh - or to prevent root logins via ssh.

Re: Enable root login

Rick Garland — Wed, 06 Jul 2005 16:26:51 GMT

Forgot to mention, in either case (telnet or ssh) a user can login and then su - to become root.

No changes would be required on the /etc/securetty or the sshd_config files.

The file in /sbin/init.d is secsh

Re: Enable root login

Devender Khatana — Wed, 06 Jul 2005 16:28:20 GMT

Hi,

From one earlier thread.
The easiest way to restart your sshd without losing your current session is

# kill -1 $(cat /var/run/sshd.pid)

HTH,
Devender

Re: Enable root login

Jimmy Aulestia_2 — Wed, 06 Jul 2005 17:27:37 GMT

The sshd_config was the file that enable root login for ssh.

Thanks.