cancel
Showing results for 
Search instead for 
Did you mean: 

unable to telnet

SOLVED
Go to solution
DuKul
Regular Advisor

unable to telnet

Hi all,

I am facing strange situation - I cannot telnet to one HP-UX 11.23 system although:
1. I can login there by ssh or ftp with the same user
2. I can su -, or su to that user.

The telnet entry in inetd.conf is traditionally as follows:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd

When I am trying to seek inside of syslog on the target server during the telnet attempts I do not see nothing except that some telnet connection is trying to start:

Sep 24 15:10:50 saptest inetd[1041]: telnet/tcp: Connection from sapdbs1 (10.20.19.26) at Wed Sep 24 15:10:50 2008

Could you please give me some hints or guidlines what to check?

Thanks a lot.
Dukul
17 REPLIES
J.G.D. van Zonneveld
Occasional Visitor

Re: unable to telnet

Hi,

Check de /etc/services file
telnet 23/tcp
and also check the /etc/hosts.allow and hosts.deney
SKR_1
Trusted Contributor

Re: unable to telnet

Check for the following commands

1. more /etc/rc.config.d/netconf ( For default gateway )

2. /etc/resolv.conf

3. /etc/nsswitch.conf

4. nslookup server

Thanks

SKR
DuKul
Regular Advisor

Re: unable to telnet

Hi,

thanks for hints but:
1) I am not using hosts.allow, hosts.deny - i.e. if the daemon cannot find any of those files the access should be granted.
2) both servers have the same default gateway (they are on the same subnet)
3) nslookup works fine.

any other hints?

Dukul
sreekanthtm
Trusted Contributor

Re: unable to telnet

Whats the error msg ur getting?
Is this an NIS user?
If the telnet prompt is getting hung for quiet long time then the issue could be with the DNS server. Check the /etc/resolv.conf and nsswitch. If u can post the content of these file.
Ganesan R
Honored Contributor

Re: unable to telnet

Hi,

You have not mentioned that the session seems to be hung or getting some errors. If the session looks hung or sometime takes very long time to give login prompt then it could be name resolution issue.

When we do the telnet to the server A from a client, Server A will do a reverse lookup(given an ip and find the host name) . This is a security protocol to make sure that the device trying to gain access is authorized.
There is no way to disable this feature. Sometime server will not be able to do reverse lookup. For example server is configured as DNS client and will not be able to access DNS server for some reasons(like DNS server down, Firewall inbetween, QZ zones, etc).Then there will be noticable delay to give the login prompt.

Resolution:

There are two ways we can resolve this issue. First one is we can include the clients in server hosts file. So that reverse lookup will happen locally. Make sure hosts is first lookup in /etc/nsswitch.conf.
Sometime it is very difficult to include all the clients in hosts file because we donâ t know from which clients the request will come. In that case include the following entries in /etc/resolv.conf file to sort out this issue like below. (retrans 500 and retry 2 )

# more /etc/resolv.conf
search
nameserver 10.176.0.3
nameserver 10.176.0.131
retrans 500
retry 2


Hope this helps you.
Best wishes,

Ganesh.
Steven Schweda
Honored Contributor

Re: unable to telnet

> [...] I cannot telnet [...]

> Whats the error msg ur getting?

> You have not mentioned that the session
> seems to be hung or getting some errors.

I assumed that his "L" key was broken. This
would explain why "ssh" and "su" both worked,
but "telnet" did not.

> Could you please give me some hints or
> guidlines what to check?

If you expect help from non-psychics, you
might explain what "I cannot telnet" actually
means.
Gokul Chandola
Trusted Contributor

Re: unable to telnet

Dear Dukul,
Please use root user for login.
Try it, will work.

Regards,
Gokul Chandola
There is always some scope for improvment.
DuKul
Regular Advisor

Re: unable to telnet

Hi all,

sorry I did not specify that I don't get any error messages within the syslog; the only message I am getting is

login: d46adm
Password:
Login incorrect

and in syslog on the target:

Sep 25 09:09:35 saptest inetd[14600]: telnet/tcp: Connection from sapdbs1 (10.20.19.26) at Thu Sep 25 09:09:35 2008

and nothing more.

The names entries of both machines are same within hosts files on both servers, nslookup works fine, as I have already written.

The nsswitch.conf is setup as follows (and as needed for such case):

hosts: files [NOTFOUND=continue] dns

Re: unable to telnet

Kindly check with this way login to the server

#telnet localhost

and try to login by the same user name and password on both the servers.

Let me know waht error message comes

Peter Gillis
Super Advisor

Re: unable to telnet

Telnet entry in /etc/inetd.conf looks like this on my system (11.11):

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue
-TCP_DELAY

When a login occurs you should see a telnetd running for that session like:

ps -ef |grep telnetd
root 4692 740 0 16:54:00 pts/tk 0:00 telnetd -b /etc/issue -TCP_DELAY

The inetd.conf entry is basically the startup command for the telnet session. You may like to add the params above to yours.
PG
sreekanthtm
Trusted Contributor

Re: unable to telnet

Did u tried with any other user name, other than root and d46adm. Just to confirm, weather this problem is related to this particular user. And try to login from any other server os PC to verify the host access.

Don't forget to post the results here.
DuKul
Regular Advisor

Re: unable to telnet

Hello Sushil,

I have tried it:

#telnet localhost
Trying...
Connected to localhost.
Escape character is '^]'.
Local flow control on
Telnet TERMINAL-SPEED option ON

HP-UX saptest B.11.11 U 9000/800 (ta)

login: d46adm
Password:
Login incorrect
login: d46adm
Password:
Login incorrect
login: d46adm
Password:
Login incorrect
Connection closed by foreign host.

in the syslog always the same 1 entry (onlly 1 and nothing more!):

Sep 25 10:30:30 saptest inetd[910]: telnet/tcp: Connection from localhost (127.0.0.1) at Thu Sep 25 10:30:30 2008

DuKul
Regular Advisor

Re: unable to telnet

hi sreekanthtm,

yes I have tried this for other user(s) - this problem is particular only for this user and only for telneting using its account.
Tom Henning
Trusted Contributor
Solution

Re: unable to telnet

This might be a little off the wall, but has the user been locked out of the system due to multiple login failures now? use
/usr/lbin/getprpw d46adm
on the box which is not allowing telnet to check on this. Everyone else has mentioned all of the other checks, but is this account using a '@' or a '#' in the password? If so, escape them with a backslash when typing them in or they will cause problems.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
DuKul
Regular Advisor

Re: unable to telnet

Tom, you hit the point!!!

Yes, the password has @ within itself and once escaping it with \ it works!

Now, what to define in .profile to escape it?

Dukul
Tom Henning
Trusted Contributor

Re: unable to telnet

To the best of my limit knowledge, you cannot. Authentication is handled before /etc/profile or .profile is executed, so it'a a matter of the system looking for these characters. You can search the forums for a more detailed answer, since this question has been discussed a number of times previously. From my 11i v1 system's man passwd pages:

Avoid password characters which have special meaning to the tty
driver, such as # (erase) and @ (kill). You may not be able to login
with these characters.

This may have been changed since 11iv1, but I'm stuck these days on the older release.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
DuKul
Regular Advisor

Re: unable to telnet

solution; avoid escape characters within passwords