topic Re: root blocked for network services in Operating System - Linux

root blocked for network services

Tiago Marques_2 — Tue, 16 Jul 2002 18:51:43 GMT

Hi!

I'm tying to connect my Linux server by telnet, ftp, rlogin services, but, using the user root I can't get access, and using other users there is no problem. The message returned for the root when I try to use any network service is that the login is incorrect.
Do I need configure any access file to provide the access for the root user??

Thanks!

Re: root blocked for network services

Steven Mertens — Tue, 16 Jul 2002 19:13:15 GMT

hi,

I assume you use a redhat distro :

for telnet add the following lines to
/etc/securetty

pts/0
pts/1
pts/2
...

for rlogin add the following line to
/etc/securetty

rlogin

for ftp (assume wu-ftp) add the following
to /etc/ftpaccess

allow-uid root
allow-gid root

Remember that it's not safe to use telnet
or rlogin , ssh is much better

Hope this helps.

Regards

Steven

Re: root blocked for network services

Steven Mertens — Tue, 16 Jul 2002 19:14:50 GMT

... i forgot , i think its also nessasary
to restart xinetd before it will work

-> service xinetd restart

Re: root blocked for network services

I_M — Wed, 17 Jul 2002 00:55:21 GMT

Hi

Talking about telnet login by root, you need to change /etc/pam.d/login.

Find following line, then make it "comment".

auth required /lib/security/pam_securetty.so

Without this line, telnet login never check /etc/securetty file.

Good luck

Re: root blocked for network services

Peter Kloetgen — Wed, 17 Jul 2002 11:02:37 GMT

Hi Tiago,

you can also mv the securetty file:

mv /etc/securetty /etc/securetty.save

this prevents all network services to look into this file. You will also have to change a parameter in the telnet- file :

disable = yes --> change it to "no", otherwise root will never be able to telnet anything.

And yes, you *have* to restart xinetd.

This should do it for you, but as allready mentioned, never forget, telnet as root is a sucurity hole! Better telnet the remote host as a normal user and then do a su to root...

Allways stay on the bright side of life!

Peter

Re: root blocked for network services

Tiago Marques_2 — Wed, 17 Jul 2002 11:11:10 GMT

Why using Telnet with root it's so unsecure??

Re: root blocked for network services

Peter Kloetgen — Wed, 17 Jul 2002 13:48:39 GMT

Hi Tiago,

when you are telnetting to a remote host, you are forced to give a root password..... and the telnet service is using *no* data encryption. So if anybody in your network has a sniffer software....(like nettl on HP-UX or snoop on Solaris) he simply gets your root password. And this *is* unsecure! Further on, telnet sessions are relatively easy to overtake when you finish them.

So the better choice is *never* to telnet as root directly but do a switch user on the remote host to root. Or to use some terminal emulator software that use data encryption, like ReflectionX or Hummingbird Exeed.

Allways stay on the bright side of life!

Peter

Re: root blocked for network services

Soumen Ghosh_1 — Mon, 29 Jul 2002 10:39:22 GMT

Hello,

One small thing. Restarting 'xinetd' in this case is not necessary. If 'xinetd' has to be reconfigured, issuing the following command :
kill -SIGUSR1 `cat /var/run/xinetd.pid`
would reconfigure 'xinetd' service without stopping it.
Thanks.

Soumen Ghosh