Can't login into 11.31

catastro · ‎05-19-2008

Hi all. I have a 11.31 server and can not login form outside it no matter what. I can ssh from any server of my net to it and backwords as well.
From my 11.31 server I can telnet to others, but not backwards. I stopped already the ipf firewall, the telnet line in inetd.conf is not commented.
I need to be able to make rlogin at least once in order to set up a script to allow to get connected to the system with no password (it is stored in a file and the system is known and well trusted).
Any ideas for helpping to solve this issue?

Jeeshan · ‎05-19-2008

did you try to telnet localhost?

a warrior never quits

Steven Schweda · ‎05-19-2008

> Any ideas for helpping to solve this issue?

How about a clear description of the problem?

What, exactly, are you trying to do, and what,
exactly, happens when you try to do it?

Rlogin and Telnet are two different things.

If SSH works, why is [r?]login so important?

Raj D. · ‎05-19-2008

Catastro,
Check if you have installed the SEC-00 sec-01 or sec-02 or Bastile, application during installation , that will lockdown the system for security hardening purpose.

Also please provide more information about the problem.
- Is it a new server with 11.31.
- Since when you are having this problem.

Cheers,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "

catastro · ‎05-19-2008

Hi, this happens to me since I installed the server, so it has to be something that is inside, a firewall or something like that. Telnet is enabled and in my system I have this:

HPUXBastille -> B.3.0.26
IPFilter -> A.11.31.13
Sec00Tools -> B.01.04.10

ssh works fine, but I need telnet or rlogin at least once, in order to exchange with other server the SSL Keys in order for some scripts to work out well.
I am wondering, how about uninstalling this tools, and as soon as I finish (as I wont need telnet or rlogin anymore) reinstall them? I guess that will work right?

catastro · ‎05-19-2008

I forgot. I can telnet for any server on my net, and from himself as well, but there is no error appearing at all. I works as usual, but when asks for the user login, I type it and I type the the password and the system asks me again, but I never get into the system.
And witth ssh I can get inside it, with the same user and password.
There are no clues in syslog and no error messages at all as well.

PVR · ‎05-20-2008

Please check the /etc/services file and /etc/inetd.conf whether rsh and telnet are enabled or not. If not, please enable it.

Don't give up. Try till success...

PVR · ‎05-20-2008

Also please check the file /etc/pam.conf.

Can you show us the contents of /etc/pam.conf file ?

Don't give up. Try till success...

catastro · ‎05-20-2008

Tehy were already enabled, as I can do telnet to my server, but not log into the system.

catastro · ‎05-20-2008

It is the default system file. This is

spdome1:#/root>cat /etc/pam.conf
#
# PAM configuration
#
# Notes:
#
# If the path to a library is not absolute, it is assumed to be
# relative to the directory /usr/lib/security/$ISA/
#
# For PA applications, /usr/lib/security/$ISA/libpam_unix.so.1 is a
# symbolic link that points to the corresponding PA (32 or 64-bit) PAM
# backend library.
#
# The $ISA (i.e. Instruction Set Architecture) token will be replaced
# by the PAM engine with an appropriate directory string.
# See pam.conf(4).
#
# Also note that the use of pam_hpsec(5) is mandatory for some of
# the services. See pam_hpsec(5).
#
# Authentication management
#
login auth required libpam_hpsec.so.1
login auth required libpam_unix.so.1
su auth required libpam_unix.so.1
dtlogin auth required libpam_hpsec.so.1
dtlogin auth required libpam_unix.so.1
dtaction auth required libpam_hpsec.so.1
dtaction auth required libpam_unix.so.1
ftp auth required libpam_hpsec.so.1
ftp auth required libpam_unix.so.1
rcomds auth required libpam_hpsec.so.1
rcomds auth required libpam_unix.so.1
sshd auth required libpam_hpsec.so.1
sshd auth required libpam_unix.so.1
OTHER auth required libpam_unix.so.1
#
# Account management
#
login account required libpam_hpsec.so.1
login account required libpam_unix.so.1
su account required libpam_unix.so.1
dtlogin account required libpam_hpsec.so.1
dtlogin account required libpam_unix.so.1
dtaction account required libpam_hpsec.so.1
dtaction account required libpam_unix.so.1
ftp account required libpam_hpsec.so.1
ftp account required libpam_unix.so.1
rcomds account required libpam_hpsec.so.1
rcomds account required libpam_unix.so.1
sshd account required libpam_hpsec.so.1
sshd account required libpam_unix.so.1
OTHER account required libpam_unix.so.1
#
# Session management
#
login session required libpam_hpsec.so.1
login session required libpam_unix.so.1
dtlogin session required libpam_hpsec.so.1
dtlogin session required libpam_unix.so.1
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umas
k bypass_nologin
ftp session required libpam_unix.so.1
rcomds session required libpam_hpsec.so.1 bypass_limit_login
rcomds session required libpam_unix.so.1
sshd session required libpam_hpsec.so.1
sshd session required libpam_unix.so.1
OTHER session required libpam_unix.so.1
#
# Password management
#
login password required libpam_hpsec.so.1
login password required libpam_unix.so.1
passwd password required libpam_hpsec.so.1
passwd password required libpam_unix.so.1
dtlogin password required libpam_hpsec.so.1
dtlogin password required libpam_unix.so.1
sshd password required libpam_hpsec.so.1
sshd password required libpam_unix.so.1

PVR · ‎05-20-2008

Pl check whether a file named /etc/securetty there or not. If it is there, please rename it and try. Also let us know the contents of the file.

Don't give up. Try till success...

catastro · ‎05-20-2008

Thanks a lot PVR. It was that. I renamed the file and it worked out.
The last issue for solving the issue, is how to enable to accept the rlogin connections. The server refuses the connections.

desar:/root# rlogin testi1
rcmd: connect: testi1.catastro.minhac.es: Connection refused

testi1 is my 11.31 server, and desar is another server with 11.11 that is in the same net.

catastro · ‎05-23-2008

Hi all. I got to finally do what I wanted. To make my 11.31 server to trust a 11.11 server through ssh and openssl. Now the 11.31 server cuts my ssh connections that I try to do through my trusted 11.11 server. I already exchanged the encrypted passwords. And now this is what the syslog tells me on the 11.31 server. Anyone could tell me what is wrong here?

May 23 10:53:38 testi2 sshd[20606]: Accepted keyboard-interactive/pam for rootsc
from 10.57.224.72 port 56214 ssh2
May 23 10:54:14 testi2 sshd[20606]: SSH: Server;LType: Throughput;Remote: 10.57.
224.72-56214;IN: 5600;OUT: 496;Duration: 36.2;tPut_in: 154.7;tPut_out: 13.7

catastro · ‎05-23-2008

Everythig is right now. I had to change my script in order to work properly.
Thanks to all for your help.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Can't login into 11.31

Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31

Re: Can't login into 11.31