Operating System - HP-UX

/etc/securetty message "Invalid Login"

 
Timothy Ng
New Member


I have put "console" into /etc/securetty to allow root login from the console only. However, when an operator tries to log in remotely as root, the message "Invalid Login" is displayed, which makes people think a wrong password was entered. The retrying may lock up the root account in a Trusted system. Any way to configure HP to provide a more meaningful message like "Console Login Only"?

Version 10.20

Thanks!
Bill Hassell
Honored Contributor

Re: /etc/securetty message "Invalid Login"

There is no way to configure the error message. However, you may wish to leave root disabled...many sysadmins will do this by creating a securetty file with nothing in it. Now, root logins are only possible with su as in:

/usr/bin/su - root

(always use the - root option). In this way, 2 logins and passwords are required to gain root access.


Bill Hassell, sysadmin
Tim D Fulford
Honored Contributor

Re: /etc/securetty message "Invalid Login"

I agree with Bill about your problem.

However, I would keep /etc/securetty with the console entry in it. This is because if you have networking issues, you can log on as root at the console. This is especially important if the machine uses central authentication, as in effect without the console entry the machine is unusable even if it is possible to fix it from the console!

Tim
-
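
An audit of the securetty setups discussed in the replies above, as an added example that is not from any of the posters: it classifies the file as missing, empty (root reachable only through su), console-only, or listing other terminals. The function names are assumptions of this example, and treating a missing file as "root unrestricted" follows the HP-UX login documentation rather than anything stated in the thread.

```shell
#!/bin/sh
# Added example: classify a securetty file by the entries it holds.
# Output: missing | empty | console-only | other:<comma-separated extras>

classify_securetty() {
    file=${1:-/etc/securetty}

    # No file at all: login applies no tty restriction to root.
    if [ ! -f "$file" ]; then
        echo "missing"
        return 0
    fi

    # Collect entries: trim whitespace, drop blank lines, collapse duplicates.
    entries=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$file" | sort -u)

    if [ -z "$entries" ]; then
        # Empty file: no direct root login anywhere, root only via "su - root".
        echo "empty"
    elif [ "$entries" = "console" ]; then
        # Direct root login on the system console only.
        echo "console-only"
    else
        # Anything besides "console" widens where root may log in directly.
        extra=$(printf '%s\n' "$entries" | grep -v -x 'console' | tr '\n' ',' | sed 's/,$//')
        echo "other:$extra"
    fi
}

# Succeeds only for the two restrictive setups from the thread.
audit_securetty() {
    state=$(classify_securetty "$1")
    case $state in
        empty)        echo "OK: root login disabled on all ttys (su only)"; return 0 ;;
        console-only) echo "OK: root login allowed on console only"; return 0 ;;
        missing)      echo "WARN: no securetty file, root login is unrestricted"; return 1 ;;
        *)            echo "WARN: root login also allowed on: ${state#other:}"; return 1 ;;
    esac
}
```

Run `audit_securetty /etc/securetty` on the host; the exit status makes it usable from a periodic configuration check.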
Philip P. Hartl
Valued Contributor
Solution

Re: /etc/securetty message "Invalid Login"

In a secure environment, which is what you are attempting by creating the securetty file, the idea is to provide as little information as possible, therefore the message "Invalid Login" is the proper response. Your concern about disabling root by repeated attempts in a trusted system environment is unfounded, however, since should root be disabled due to excessive attempts, it will still succeed at the console. A message warning that root has been disabled will be displayed, but console logon is permitted and when successful will reset the invalid logon counter. This can effectively warn you if someone attempts root access illegally.
Don't take life so seriously; nobody gets out alive.
Timothy Ng
New Member

Re: /etc/securetty message "Invalid Login"

Just want to say thanks for all the helpful advice. It is always a tradeoff between security measures and operational efficiency. A balance has to be found, and exploring the alternatives does help me to find a good point.