topic Re: How come I cannot telnet to LINUX using root user id? in Operating System - Linux

How come I cannot telnet to LINUX using root user id?

Rashid Ali — Sat, 02 Jun 2001 00:12:53 GMT

I was wondering how come I cannot telnet to LINUX from Win98/NT using root user id, because I can login as normal user and then run su to become root user.

Thanks,

Re: How come I cannot telnet to LINUX using root user id?

Denver Osborn — Sat, 02 Jun 2001 01:33:53 GMT

Does the /etc/securetty file exist? If it does and there isn't an entry for the port you're coming from then you won't be able to login as root. Either move the /etc/securetty file aside or add an entry for where you want root to be allowed access from. Keep in mind that by moving the file aside, root will be allowed login from anywhere.

Hope this helps
-denver

Re: How come I cannot telnet to LINUX using root user id?

Vincenzo Restuccia — Tue, 05 Jun 2001 08:13:32 GMT

#mv /etc/securetty /tmp

Re: How come I cannot telnet to LINUX using root user id?

Rashid Ali — Wed, 06 Jun 2001 01:29:12 GMT

Yes, there is such a file. But there are tty device names already defined there, tty1,tty2,tty3,etc. One device one line. After I add in an entry "128.188.3.92", I still cannot telnet in as root until I move it to /tmp. Is there any way to add in such an entry so that only certain(defined) PC hosts are allowed to telnet as root?

Re: How come I cannot telnet to LINUX using root user id?

Nick Snellock — Wed, 06 Jun 2001 18:17:17 GMT

It is better to follow the default setting for this and to log in as another user. You can then use the su or su - command to become root once you are logged in. This has been set up like this as a security measure to provide some protection for your system.

Re: How come I cannot telnet to LINUX using root user id?

Mark Fenton — Wed, 06 Jun 2001 23:08:19 GMT

Zhang, that is precisely how to set it up.

Puzzling that you can telnet in as regular user but not as root when your ip is in the securetty file. I'm assuming that this is true from the same machine. (eg. from machine A: telnet linux.box -l joeuser -->success
A: telnet linux.box -l root --> failure )

If this is not the case, but rather you cannot telnet in at all, check the (RH 7.0 +>)
/etc/xinetd.d/telnet file for disable = no, and set that to yes instead. (or /etc/inetd.conf for <=RH 6.2)

Re: How come I cannot telnet to LINUX using root user id?

Rashid Ali — Wed, 06 Jun 2001 23:58:57 GMT

I was also wondering whether in Linux there is such a file similar to /var/adm/inetd.sec in HP-UX whereby you can define which host has what kind of access to the server such as telnet,ftp,etc.(deny--yes/no).

It seems your solution or Linux's solution is not so flexible. What's the syntax of /etc/securetty? It seems I cannot just add in some hosts' IP address to allow them login as root. Linux either don't allow any remote login as root or allow login as root from any remote host. Am I right?

Re: How come I cannot telnet to LINUX using root user id?

Laurent Paumier — Thu, 07 Jun 2001 11:13:46 GMT

/etc/securetty only defines terminals (device files) on which you are able to logon as root. It has nothing to do with network security such as "from which host do we accept telnet connections". For that, you can configure service/hosts you accept/reject in the files /etc/hosts.allow and /etc/hosts.deny. Do a "man hosts_access" for more information.

Re: How come I cannot telnet to LINUX using root user id?

Sorrel G. Jakins — Tue, 12 Jun 2001 15:49:55 GMT

If you make a syntax error in /etc/securetty then that entry is ignored.

BTW Zhang, you need to assign points to these responses, otherwise soem of the regulars will stop replying to you.