Community
Security

Unable to telnet via root user

 
SOLVED
Go to solution
Aamir_Majeed
Advisor

‎12-16-2011 07:03 AM

‎12-16-2011 07:03 AM

Unable to telnet via root user

Hi There,

 

I am not able to telent via root user directly, an non-power user is able to telnet from there I can su - in order to get root access.

I am able to access via root from serial console, please note I have installed this server from ignite tape.

 

Also I have turned off restricted security mode i.e.. tsconvert -r

 

root user can access from ssh.

 

Please assist.

 

Thanks and Regards,

Aamir Majeed.

0 Kudos
Reply
5 REPLIES 5
Patrick Wallek
Honored Contributor

‎12-16-2011 07:29 AM

‎12-16-2011 07:29 AM

Solution

Re: Unable to telnet via root user

You probably have a file called /etc/securetty and the contents of that file is the word 'console'.

 

# cat /etc/securetty

console

 

This means that root is ONLY allowed to login directly from the console.  Direct root login via telnet from any other device is not permitted.  SSH does not query this file. SSH access via root is controlled via the sshd_config file.

 

If you want to allow root access from devices other than the console, just rename the file to something else, like /etc/securetty.orig.

 

I would recommend leaving it as is though.  It is good security practice to make admins login as themselves and then su to the root user only when necessary.

Reply
Aamir_Majeed
Advisor

‎12-16-2011 07:38 AM

‎12-16-2011 07:38 AM

Re: Unable to telnet via root user

Hi Patrick,

 

Thanks for ur quick response, I also gone through tha file and I hashed out this entry, but that did not work.

 

In order to adopt changes in /etc/securetty, what steps are required.

 

Secondly, thanks for ur suggestions regarding root user, but customer is asking to remove this security measure.

 

 

Thanks.

0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎12-16-2011 07:42 AM

‎12-16-2011 07:42 AM

Re: Unable to telnet via root user

Try just moving the file.  There should be nothing required to activate changes.

 

# mv /etc/securetty /etc/securetty.BAD

 

 

Reply
Patrick Wallek
Honored Contributor

‎12-16-2011 09:16 AM

‎12-16-2011 09:16 AM

Re: Unable to telnet via root user

A further explanation of the /etc/securetty file:

 

The contents of the file are the tty's where root is allowed to log into the system.  When the system checks the file '/dev/' will be prepended to whatever is in the file.  So, if the word 'console' is in the file then the system will interpret that as /dev/console and that is where root is allowed to log in.

 

If there is anything else there then /dev/ will be prepended to that.  So if you have '#console' in the file then the system may see if as '/dev/#console'.  Since that does not match any valid device file, root is not allowed to log in.

 

If there is nothing in the file, then the system may just see it as /dev/ whis not a valid file either, so again root can't log in.

 

If you do not want any restrictions on where root can log in from, move or remove the /etc/securetty file.  If the file does not exist there are not restrictions for the root login.

Reply
Aamir_Majeed
Advisor

‎12-19-2011 09:35 PM

‎12-19-2011 09:35 PM

Re: Unable to telnet via root user

Thanks for detailed reply, issue has been resolved by renaming securetty file.

 

Regards,

 

AM

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.