HPE Community
Operating System - HP-UX
1833046 Members
2602 Online
110049 Solutions
New Discussion

Cannot telnet with root login

 
Antalia
Occasional Advisor

‎07-27-2009 01:56 PM

‎07-27-2009 01:56 PM

Cannot telnet with root login

Hi all,

I have HP-UX 11.31 and I am trying to telnet and ftp to it, but it seems to deny root login. I have checked inetd.conf files and services in /etc to make sure telnet is enabled. It is actually working, but it won't log me in with my system root account. Does anyone know why I cannot telnet with root? (ftp has the same problem).

Thanks
0 Kudos
Reply
9 REPLIES 9
Patrick Wallek
Honored Contributor

‎07-27-2009 03:08 PM

‎07-27-2009 03:08 PM

Re: Cannot telnet with root login

That function is likely disabled.

For telnet, check for the existence of the file /etc/securetty. If that file exists, and host the word 'console' in it, then root is ONLY allowed to log in directly from the console. The best practice is to log in with your own user id and then 'su' to root.

For FTP, check your FTP configuration file(s). /etc/ftpusers may be the file, but depending on your specific version of FTP it could be different. Disallowing root to FTP is also good security practice.

0 Kudos
Reply
Vishu
Trusted Contributor

‎07-27-2009 03:14 PM

‎07-27-2009 03:14 PM

Re: Cannot telnet with root login

Hi,

Check for /etc/securetty file, it prohibits root login from telnet. just rename or move this file will allow your root login with telnet.

and for ftp, check /etc/ftpd/ftpusers file, is root there in its list. Delete the root from the list and it will allow you to ftp as root.

0 Kudos
Reply
Walt Watson
Advisor

‎07-27-2009 04:09 PM

‎07-27-2009 04:09 PM

Re: Cannot telnet with root login

Do you have ssh on this system? If so, use the secure port 22 instead of 23 (e.g., with putty).
0 Kudos
Reply
Lijeesh N G_1
Respected Contributor

‎07-27-2009 07:37 PM

‎07-27-2009 07:37 PM

Re: Cannot telnet with root login

Hi,

Telnet
=======
Check /etc/securetty file is exists, if exists rename or remove the file to allow
root user to login through telnet.

#mv /etc/securetty /etc/securetty.old

FTP
=====
Check root entry in /etc/ftpd/ftpusers file, it is there remove from that.

Regards,
LIJEESH N G
0 Kudos
Reply
Yogesh M Puranik
Valued Contributor

‎07-27-2009 08:36 PM

‎07-27-2009 08:36 PM

Re: Cannot telnet with root login

Hi Antila,

Most of the HP-UX 11 V3 versions are along with the trusted host enabled on it, which will cause for direct root login disable as well as ftp with root is disble.

This could be the reason.

++
Rgds
YMP
0 Kudos
Reply
Antalia
Occasional Advisor

‎07-29-2009 04:57 AM

‎07-29-2009 04:57 AM

Re: Cannot telnet with root login

Thanks to all of you! Removing /etc/securetty solved the problem immediately.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎07-29-2009 04:59 AM

‎07-29-2009 04:59 AM

Re: Cannot telnet with root login

Shalom,

You have opened up a security hole.

/etc/securetty was put there to stop root login.

Why, because telnet authenticates in clear text. That means any user on the network can learn the root password with a simple tool to sniff the network. A tool that takes less than a minute to install in a Windows system and is standard in Unix or Linux.

You want to put that file back and log on to root as follows:

1) Log on as a regular user

2) su - root

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jestin John Chacko
Regular Advisor

‎07-29-2009 05:04 AM

‎07-29-2009 05:04 AM

Re: Cannot telnet with root login

Dear stefen

Thanks for that valuable information.i had done the same thing for enabling the telnet.
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎07-29-2009 05:20 AM

‎07-29-2009 05:20 AM

Re: Cannot telnet with root login

This is sort of off-topic, but first off, using telnet for any login is a big security risk due to the fact that, the password as you type it and send it, travels on your network in clear text, open to any network sniffer to catch it. Don't use telnet at all costs. Use ssh instead.

Secondly, root account should not be accessible from any place but console and that should be a last resort login when all else fail. Logging in as root is no different than logging in as regular user and using

su -
or
sudo su -

commands. You end up with the same privileges as you login directly as root.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.