topic Re: remote root login to Linux system. in Operating System - Linux

remote root login to Linux system.

jerry1 — Thu, 05 Feb 2004 11:43:26 GMT

Why when loging into linux box root's passwd
not accepted.
I can log into linux box on console as root.
I can su - to root with same password.
I can login to linux system as any other user
but when loging in as root and entering password at prompt. I get Login incorrect.

Is there a security feature I am missing?

Already edited /etc/inetd.conf.

Re: remote root login to Linux system.

G. Vrijhoeven — Thu, 05 Feb 2004 11:49:19 GMT

Hi,

Do you have a file called /etc/securetty?

Gideon

Re: remote root login to Linux system.

Martin P.J. Zinser — Thu, 05 Feb 2004 12:35:12 GMT

Hello Jerry,

securettys is the way to go if you want to use telnet. Generally speaking this is not recommended nowadays anymore since the password is sent unencrypted over the network. Use ssh instead:

basic usage: ssh root@host

The first time you have to accept some keys.

Greetings, Martin

Re: remote root login to Linux system.

Paul Cross_1 — Thu, 05 Feb 2004 13:12:56 GMT

It is generally considered good practice not to login directly as root (login as yourself and su - to root) but if you have a good reason for not using ssh (BTW: using ssh may require an edit of /etc/ssh/sshd_config to change PermitRootLogin no to yes), securetty is a flat file with a simple list of ttys that root is permitted to login on.

-p

Re: remote root login to Linux system.

jerry1 — Thu, 05 Feb 2004 13:43:16 GMT

I need to be able to use rdist to the linux
box and that requires ~/.rhosts.
So if /etc/securettys is turned off for root
by default then I will look at that and see
if it is causing my problem. Was like the old SunOS.

Re: remote root login to Linux system.

Don_89 — Fri, 06 Feb 2004 12:38:49 GMT

If you need to distribute multiple files to multiple hosts, there are a couple of alternatives to doing this ..

1) You can use SCP to copy the files in a cron job. Generate a RSA key on your main server and copy the /root/.ssh/id_rsa.pub file to each of the remote servers in the /root/.ssh directory and name the file "authorized_keys2". That way you wont be prompted for a password everytime.. Works great.

2) We also use rsync. It works great and pretty simple to setup..

hope this helps..

Re: remote root login to Linux system.

jerry1 — Fri, 06 Feb 2004 14:36:08 GMT

What I need to do is rdist files from client
boxes to the linux host. The client boxes
do not have ssh and it is not an option to
install ssh on all of them.

Since rdist is a quick and easy way to copy
files to a remote host and compare time stamps. It seems to be the way to go.
Security in this area is not an issue since
no one but 3 people have access and there
is no access from the internet.
root .rhosts is okay, they all 3 have root
access anyway. Installing ssh is more work than is required to accomplish this simple copy.
cp from nfs mount would not do the time stamp
checking and I don't have the time to write
test scripts to do so.
Interesting that HP-UX has in
/etc/securetty just the line "console" yet
root .rhosts works for rlogin, etc without
password. Does linux have to not have tty/pty
in them to work? I had to uncomment the tty pty statements so it would allow root to login
remotely in the first place.
I checked linuxquestions.org and saw same
problems posted and not one had a solution.
Only to use ssh.

Is this a security feature in linux that you
cannot use .rhosts for root at all?

Re: remote root login to Linux system.

jerry1 — Wed, 11 Feb 2004 10:43:28 GMT

As it turns out. I have scrapped using rdist.
One, its not compatible with Solaris rdist,
have not checked with HP yet. If using it on
the linux system locally to get files from
NFS then it does not like unknown files,
does not replicate soft and hard links.

The question about root login no passwd is
to use option -h in inetd.conf after rlogind.
This allows root to use its .rhosts file.

Re: remote root login to Linux system.

Paul Cross_1 — Wed, 11 Feb 2004 10:56:59 GMT

rdist being open source, you should download and compile it so that you have the same software and versions on all platforms. That way there are no "compatibility" issues.

Re: remote root login to Linux system.

jerry1 — Wed, 11 Feb 2004 12:56:16 GMT

I have the rdist.c rdistd.c but I have not
the clients time to download a compiler to
the linux box and mess with it.

find /source -depth -print|cpio /backupdir/ 2>finderrors

Seems to do okay from the NFS mounts and
gives me sanity checking on any corrupt files.