topic Re: cannot login as root in RedHat AS 3.0 in Operating System - Linux

cannot login as root in RedHat AS 3.0

Jdamian — Fri, 12 Nov 2004 07:19:37 GMT

Hi

In my Red Hat Enterprise Advanced Server 3.0 user
root can open FTP sessions but no telnet session.
'su -' works fine...

I think login is the problem because after logging as an ordinary user I run "login" and type 'root' and its password.... 'login incorrect' is the error.

'login' checks /etc/securetty. I renamed that file... no change.

I commented the /etc/pam.d/login entry:

# auth required pam_securetty.so

but login still fails.

Any idea ?

Thanks.

Re: cannot login as root in RedHat AS 3.0

Sergejs Svitnevs — Fri, 12 Nov 2004 08:16:33 GMT

Simply edit the file /etc/securetty and add the following to the end of the file:

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
This will allow up to 10 telnet sessions to the server as root.

Regards,
Sergejs

Re: cannot login as root in RedHat AS 3.0

HGN — Fri, 12 Nov 2004 08:21:41 GMT

Hi

To enable root access you need to edit the
/etc/securetty and add the following lines

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5

The more the number you enter it will allow more sessions.

Rgds

HGN

Re: cannot login as root in RedHat AS 3.0

Jdamian — Sun, 14 Nov 2004 12:33:04 GMT

That was the first action I did... but it didn't solve my problem.

Re: cannot login as root in RedHat AS 3.0

Celso Medina Kern — Sun, 14 Nov 2004 12:41:53 GMT

Oscar,

Make sure youre putting the correct pty in your /etc/securetty. Login as regular user and execute tty command. Then add this device in /etc/securetty without preceding /dev, logout and try to logon again.

Other thing to check is the service cfg, in /etc/xinetd.d/telnet, to see if there is any constraint against root, and the tcp wrapper in /etc/hosts.allow and /etc/hosts.deny if i am not mistaken.

Regards,

Celso

Re: cannot login as root in RedHat AS 3.0

Stuart Browne — Sun, 14 Nov 2004 17:51:34 GMT

If you've commented out the 'auth required pam_securetty.so' in '/etc/pam.d/login', then that should be sufficient to bypass the security checks that restrict a root login. I've double checked (on an ES3.0 system though), and it works here.

What else is in '/etc/pam.d/login' then?

Incidentally, you should put '/etc/securetty' back where it is, other things rely upon it.

Re: cannot login as root in RedHat AS 3.0

Jdamian — Mon, 15 Nov 2004 02:05:38 GMT

/> cat /etc/pam.d/login
#%PAM-1.0
#auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

/> cat /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

Re: cannot login as root in RedHat AS 3.0

dirk dierickx — Mon, 15 Nov 2004 03:05:09 GMT

why do you need ftp as root? can't you use something like 'scp' instead?

Re: cannot login as root in RedHat AS 3.0

Stuart Browne — Mon, 15 Nov 2004 16:22:46 GMT

Remove the pts entries from securetty.

Try to log in, then past us the log entries in /var/log/messages and /var/log/secure.

Re: cannot login as root in RedHat AS 3.0

Fred Ruffet — Mon, 15 Nov 2004 17:11:18 GMT

root access to telnet and ftp are disabled as default to prevent clear password to navigate in a clear form through your network, and to prevent people to know at least one login and use some cracking software.

Try to use ssh and sftp instead would be a better way than enabling root access to those protocols.

Regards,

Fred

Re: cannot login as root in RedHat AS 3.0

Jdamian — Thu, 18 Nov 2004 01:55:33 GMT

in /var/log/messages appears:

Nov 18 07:51:52 ssoro363 login: ROOT LOGIN REFUSED ON pts/1 FROM localhost

in /var/log/secure appears:

Nov 18 07:51:47 ssoro363 xinetd[31752]: START: telnet pid=24153 from=127.0.0.1

Re: cannot login as root in RedHat AS 3.0

rmueller58 — Thu, 27 Jan 2005 14:02:18 GMT

Make sure if you use ssh to check your /etc/ssh/sshd_config permitroot login is commented.

#PermitRootLogin yes

Re: cannot login as root in RedHat AS 3.0

Touker — Wed, 06 Dec 2006 18:38:27 GMT

Applicable for RHEL AS3 / AS4:

First, edit /etc/securetty and add pts/0 to let say pts/8

Second, you have to use telnet-server package, because krb5-telnet does not allow root login via telnet.

Third, remember that in.telnetd is invoked through superdaemon xinetd, therefore you have to have it running.

Re: cannot login as root in RedHat AS 3.0

Ermin Borovac — Fri, 08 Dec 2006 22:44:16 GMT

I think that telnetd uses /etc/pam.d/remote file so you would need to remove securetty line from that file as well.

Re: cannot login as root in RedHat AS 3.0

Jdamian — Tue, 14 Oct 2008 18:18:00 GMT