
Enable root login

Jimmy Aulestia_2
Frequent Advisor

Enable root login

How can I enable root login on an HP-UX trusted system?

I need to enable it for a moment because I use the scanmaster program, which connects to the system with the root account.

After using the scanmaster program, I need to disable root login again.

Thanks
Jimmy
RAC_1
Honored Contributor

Re: Enable root login

Enable root login?? You can not log in as root at the moment except on console?? If this is the case, check /etc/securetty file. It will have console in it. Remove/move it till you get your work done.

Anil
There is no substitute to HARDWORK
Mel Burslan
Honored Contributor

Re: Enable root login

I am hoping that you have something like sudo or powerbroker privileges to give you the root rights. If so, execute your flavor of authorization executable and obtain root privileges, change root's password assuming the account has been totally disabled and password is something no one remembers anymore, then execute the following commands to unlock and re-enable root account:

/usr/lbin/modprpw -l -m alock=NO root
/usr/lbin/modprpw -k root

When you are done using root, execute the following command to disable the account.

/usr/bin/passwd -l root

If you do not have any account which will grant you root privileges, there is no other way to do this but rebooting/crashing the system and booting to single user mode (hopefully you did not enable root password at the single user level) and reset the password at this time.

HTH
________________________________
UNIX because I majored in cryptology...
Jimmy Aulestia_2
Frequent Advisor

Re: Enable root login

The problem is when I telnet or ssh to the system: in this case I have to log in with a normal user account and then, in the operating system, I use su - to log in as root.

I need to enable telnet or ssh with the root account.

Please help, thanks

Jimmy
DCE
Honored Contributor

Re: Enable root login

As Anil said, check to see if you have a file called /etc/securetty. If so, either modify it as he suggested, or temporarily rename it. That will take care of the problem. The /etc/securetty file restricts where root can log in from.

Dave
Mel Burslan
Honored Contributor

Re: Enable root login

I second or third the above opinion. You must have an /etc/securetty file in place with the content of one line saying

console

If you remove this file you should be able to log in as root from any telnet/ssh connection.

to reinstate the root lockout from anywhere but the console, you just recreate the file

echo "console" > /etc/securetty
chmod 600 /etc/securetty

of course file should be owned by root:sys

Hope this helps
________________________________
UNIX because I majored in cryptology...
Jimmy Aulestia_2
Frequent Advisor

Re: Enable root login

[ECBPHCF1]:/etc>ls securetty
securetty not found
[ECBPHCF1]:/etc>ls sec*
sec* not found
[ECBPHCF1]:/etc>

There isn't a securetty file.

Jimmy
DCE
Honored Contributor

Re: Enable root login

You may have to look at root's properties in the trusted computer base.

there are a couple of places to look:
/tcb/files/auth/system
/tcb/files/auth/r/root

Not sure on the exact path on the second listing, as my trusted system is down right now ( it is being relocated )


Jimmy Aulestia_2
Frequent Advisor

Re: Enable root login

In the /tcb/auth/files/* files I don't see anything to enable root login in telnet/ssh.

Any idea?
Jimmy
RAC_1
Honored Contributor

Re: Enable root login

When you try to log in as root, what is the error message that you get?? Also what does syslog.log say for it??

Anil
There is no substitute to HARDWORK
Jimmy Aulestia_2
Frequent Advisor

Re: Enable root login

Nothing, the ssh connection finished. With a normal user account I can log in.

Maybe it is because of the trusted system.
Jimmy
Mel Burslan
Honored Contributor

Re: Enable root login

Did you check the root's .profile or any of the .*rc files ? one of them may have an immediate exit command, upon interactive login detection. Very low level protection but it works if nobody cares to look at that, i.e., security by obscurity. Just a thought.
________________________________
UNIX because I majored in cryptology...
Greg Vaidman
Respected Contributor

Re: Enable root login

Not sure what the problem is with telnet, but you should be able to correct your ssh issue by adding the line "PermitRootLogin yes" in sshd_config, and restarting sshd.
Devender Khatana
Honored Contributor

Re: Enable root login

Hi,

I am also having the same issue on one of our servers. It is a non-trusted system without securetty & I cannot telnet or rlogin using root. Even on the console I cannot get in as root. After logging in as a normal user, su or su - works fine. The problem is still being diagnosed & I will let you know once it is resolved.

Regards,
Devender
Impossible itself mentions "I m possible"
Devender Khatana
Honored Contributor

Re: Enable root login

Hi,

We finally found it to be a very simple mistake. The root passwd has included a # symbol. As per the man page of passwd # and @ should not be included for passwords. The problems even got resolved by changing root password not to include a #.

See if you also have the similar situation.

HTH,
Devender
Impossible itself mentions "I m possible"
Jimmy Aulestia_2
Frequent Advisor

Re: Enable root login

My root password doesn't have # or @.

How can I restart sshd?

There isn't an sshd in /sbin/init.d.
Jimmy
Rick Garland
Honored Contributor
Solution

Re: Enable root login

For root to log in via telnet, locate the /etc/securetty file as described. Remove the CONSOLE entry.

For Secure Shell (ssh), there is a file called sshd_config. This can be located in /opt/ssh/etc/sshd_config.

In this file is a line that says PermitRootLogin - this value can be yes or no. If the value is no, root cannot login via ssh.

Change this value to yes and bounce the ssh process.

/sbin/init.d/secsh stop;/sbin/init.d/secsh start

or

kill $(cat /var/run/sshd.pid)
/opt/ssh/sbin/sshd (this will start the ssh process)

NOTE: Locations of these files can vary depending on if you are using the HP version of ssh or the shareware version of ssh.

In either case the methods are the same to allow for root logins via ssh - or to prevent root logins via ssh.

Rick Garland
Honored Contributor

Re: Enable root login

Forgot to mention, in either case (telnet or ssh) a user can login and then su - to become root.

No changes would be required on the /etc/securetty or the sshd_config files.

The file in /sbin/init.d is secsh
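
A check to run once the temporary root access is no longer needed, confirming that both controls named in the answers above are back in their restrictive state (an added example, not part of any poster's reply). The function names are hypothetical, and the default paths are the ones quoted in this thread, which vary by ssh build.

```shell
#!/bin/sh
# Added example: audit sshd_config and /etc/securetty for remote root login.
SSHD_CONFIG="${SSHD_CONFIG:-/opt/ssh/etc/sshd_config}"   # path from the thread
SECURETTY="${SECURETTY:-/etc/securetty}"                 # path from the thread

# Print the effective global PermitRootLogin value of an sshd_config file.
# OpenSSH-derived sshd uses the first value it reads for a keyword, keywords
# are case-insensitive, and "Keyword=value" is accepted. Comment lines are
# skipped, and scanning stops at the first Match block (conditional settings).
permit_root_login() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
        }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Classify securetty: "missing", "console-only", or "other" (anything else,
# including an empty file).
securetty_state() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    awk 'NF { n++; if ($1 != "console") other = 1 }
         END { s = (n > 0 && !other) ? "console-only" : "other"; print s }' "$1"
}

# Report both settings; return 0 only when root is limited to the console
# for telnet/login and refused by sshd.
root_login_audit() {
    prl=$(permit_root_login "$1")
    tty=$(securetty_state "$2")
    rc=0
    [ "$prl" = "no" ] || rc=1
    [ "$tty" = "console-only" ] || rc=1
    echo "PermitRootLogin=$prl securetty=$tty"
    return $rc
}

# Run against the live files only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    root_login_audit "$SSHD_CONFIG" "$SECURETTY"
fi
```

An "unset" result means sshd falls back to its compiled-in default, so it is reported as not restrictive rather than guessed at.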

Devender Khatana
Honored Contributor

Re: Enable root login

Hi,

From one earlier thread.
The easiest way to restart your sshd without losing your current session is

# kill -1 $(cat /var/run/sshd.pid)

HTH,
Devender
Impossible itself mentions "I m possible"
Jimmy Aulestia_2
Frequent Advisor

Re: Enable root login

The sshd_config was the file that enabled root login for ssh.

Thanks.
Jimmy