HPE Community
Operating System - HP-UX
1752788 Members
6127 Online
108789 Solutions
New Discussion юеВ

telnet, rlogin, ssh randomic access denied

 
MARCONI SPA
Occasional Advisor

тАО01-11-2008 08:41 AM

тАО01-11-2008 08:41 AM

telnet, rlogin, ssh randomic access denied

Hi all,
I have a strange problem with a rx6600 with HP-UX 11.23: sometimes it's impossible to telnet, rlogin and ssh to the host. The system displays the login/password request but don't let me in ! Trying again after few minutes, or after some hours, everything work fine ! but after some time, it doesn't work again, and so on forever !
Please consider that:
- it's not a network problem, this is the only host on our network which works (?) like this
- it seems that trying to connect from certain hosts works better than from other ones
- I tried various reconfiguration and workarounds: tcpd enabling in /etc/inetd.conf, entries for "login allow" and "telnet allow" in /var/adm/inetd.sec, patching (PHNE_35770)...
nothing changes !
- I configured telnetd in a way to send a banner message on connection request, so I see that the banner is NOT sent to the incoming host when the conection is denied, while it is sent when the connection is accepted !

So I think inetd, telnetd, rlogind and sshd are not working properly, but don't know how to fix them !
Anyone can help ?
Thanks in advance
Maurizio
Riccardo Bigoni
0 Kudos
Reply
4 REPLIES 4
Roberto Arias
Valued Contributor

тАО01-11-2008 08:53 AM

тАО01-11-2008 08:53 AM

Re: telnet, rlogin, ssh randomic access denied

Hi Marconi:

Try connect without inetd.sec (move to .old for a minute). with this we see the problem is the host's security.

check if you have any firewall, her rules. for last Check resolution of names in /etc/nsswitch.conf and /etc/resolv.conf too.

If you can send us the error messages, better

regards
The man is your friend
0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО01-11-2008 10:37 AM

тАО01-11-2008 10:37 AM

Re: telnet, rlogin, ssh randomic access denied

Any external authentication enabled, i.e. PAM, NIS ?

Is the same issue seen when using the console ?

0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО01-11-2008 01:53 PM

тАО01-11-2008 01:53 PM

Re: telnet, rlogin, ssh randomic access denied

Could be the box is running out of pts. Or that an ssh client isn't disconnecting cleanly and it holds on to the pts device until eventually they've been exhausted and you start getting access denied because you can't allocate a pts device.

Next time it fails, login to the console and save "ps -ef" output and run "ssh -vvv" from a client to get debug output. If all looks well and you don't have several ssh sessions w/ ppid=1, then tune npty, nstrpty, and nstrtel.

also look here, you may want to make the change with sam like A. Clay suggests; otherwise don't forget to create the devices after you up the parms.

"http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1139356&admit=109447626+1200088167614+28353475"

-denver
0 Kudos
Reply
palaniappan.sp
Regular Advisor

тАО01-12-2008 01:05 AM

тАО01-12-2008 01:05 AM

Re: telnet, rlogin, ssh randomic access denied

Hi,
Check the Connectivity speed of the interface is set correctly or not (i.e 100mbps..) w.r.t ur network speed.
When u ping the host continuously by ping -t ,is there any drop in the packet..
Ur telling that its connecting for one time,after some time it is not connecting.Are u trying telnet or rlogin or sshd from different m/c?? or from different vlan??? or r u trying telnet from the same vlan,where the server reside??
Try with some other login id's??
Is any error logging in messages file?? when u hit the host?If so pls post that..
To confirm the daemons are running w/o any issue, u can try logging to someother m/c??
If it is logging w/o any problem then u can't say it is a daemon(inetd, telnetd, rlogind and sshd) issues.
Change the configuration port to some other undefined port and try..

Regds,
palani.

Everything is Possible and Anything is Feasible if u try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.