HPE Community
Operating System - HP-UX
1837187 Members
2417 Online
110114 Solutions
New Discussion

Re: root remote login

 
Terry Willmann
New Member

‎09-24-2002 07:53 AM

‎09-24-2002 07:53 AM

root remote login

We can not remotely login with the root user and get error, "login incorrect". What file must be modified to allow remote login by root. Other users are able to login remotely.
I'd rather be golfing
0 Kudos
Reply
15 REPLIES 15
John Dvorchak
Honored Contributor

‎09-24-2002 08:01 AM

‎09-24-2002 08:01 AM

Re: root remote login

The file is /etc/securetty. Either delete it or rename it. It is a text file that holds the tty names, console included, that are the only ones that root can logon from. Typically it only has "console" in it. By renaming it root can logon from anywher. Caution, this is a huge security risk. The accepted proceedure is to logon as a normal user and su - to gain root access.
If it has wheels or a skirt, you can't afford it.
0 Kudos
Reply
Ray Brewer
Valued Contributor

‎09-24-2002 08:03 AM

‎09-24-2002 08:03 AM

Re: root remote login

If you are trying to "rlogin" the file ".rhosts" in the root users home directory on the remote system is the file that needs to be modified. You will need to put in an entry like this

root

Where is the name of the local system you are trying to log in from. Also the remote system needs to be able to resolve the local systems host name with either an entry in /etc/hosts or DNS

Ray
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎09-24-2002 08:03 AM

‎09-24-2002 08:03 AM

Re: root remote login

I heartily echo John's comments about the huge security risk of allowing root to login directly from anywhere other than the console.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎09-24-2002 08:03 AM

‎09-24-2002 08:03 AM

Re: root remote login

is there a file /etc/securetty?

SunOS has a default security setting that dis-allows root access, but HP-UX does not. Root access denial Im pretty sure is only controled by the securetty file.

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Anil C. Sedha
Trusted Contributor

‎09-24-2002 08:19 AM

‎09-24-2002 08:19 AM

Re: root remote login

Terry,

You can delete the /etc/securetty file as i don't believe that it is such a big risk to let root login from anywhere else apart from the console.

Most of us work on scenarios where our Datacentres host our boxes and we work remotely. I don't see any security flaw if we use root access from remote terminals so long as we hold the password securely and change it at regular intervals.

Regards,
Anil
If you need to learn, now is the best opportunity
0 Kudos
Reply
John Dvorchak
Honored Contributor

‎09-24-2002 08:24 AM

‎09-24-2002 08:24 AM

Re: root remote login

I have to respectfuly take exception to Ray's suggestion about a .rhosts file in the root home directory. Her are a couple of points:

1. With .rhosts you have to list the systems that can gain access as root. Limiting your options to logon from anywhere.

2. With no .rhosts at least the person hacking your system has to know the root password to gain access to that system.

3. With no .rhosts and having "console" in the /etc/securetty file will force someone to logon as a normal user and then su to root allowing you to track who is doing what as root. We use this in root's .profile to track the history of the user:

REAL=`logname`
HISTFILE=.sh_$REAL
HISTSIZE=1000
export HISTFILE HISTSIZE





If it has wheels or a skirt, you can't afford it.
0 Kudos
Reply
Terry Willmann
New Member

‎09-24-2002 08:27 AM

‎09-24-2002 08:27 AM

Re: root remote login

The /etc/securetty file is not present on the system.
I'd rather be golfing
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎09-24-2002 08:52 AM

‎09-24-2002 08:52 AM

Re: root remote login

hi,

Try doing a ls /etc/securetty as *root* user , because this file normally does not have access permission to non-root users. This is confirm that the file is really there or not.

Another thing to check would be the /var/adm/syslog/syslog.log file for messages related to root loging. It should have some error message for the login of root which will give further clues on what the problem could me.

Are you able to do su as root from a normal user. Just to discount any passwd related issue!

HTH
raj
Take it easy.
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎09-24-2002 09:10 AM

‎09-24-2002 09:10 AM

Re: root remote login

Hi Terry


In the $HOME/.rhosts for the root you can try adding

IP adress root

instead of


server name root


this will solve the problem .


like

server A 10.2.10.30
server B 10.2.10.40


in .rhosts on A you should have

10.2.10.40 root

and vice versa.



Manoj Srivastava
0 Kudos
Reply
Tom Danzig
Honored Contributor

‎09-24-2002 09:28 AM

‎09-24-2002 09:28 AM

Re: root remote login

You might also want to check in /var/adm/inetd.sec to insure there are no login restrictions for root there.
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎09-24-2002 09:54 AM

‎09-24-2002 09:54 AM

Re: root remote login

with the rlogin command, if you are not allowed to login without a password via /.rhosts or $HOME/.rhosts or ~root/.rhosts (if you changed root's home) then you should be prompted for a password.
If this "login incorrect" is coming from remsh then there is no way to fix this without adding the allowed systems into ~root/.rhosts

are you getting the error from remsh? or from rlogin?

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎09-24-2002 10:11 AM

‎09-24-2002 10:11 AM

Re: root remote login

Assuming you are telneting to the system...

You can get "Login incorrect" for the following reasons:

- invalid loginid
- invalid password
- superuser not allowed to login remotely because of /etc/securetty

There may be other reasons but these are the 3 I know of. Can you login as a non-superuser and then su to root?

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Deshpande Prashant
Honored Contributor

‎09-24-2002 10:28 AM

‎09-24-2002 10:28 AM

Re: root remote login

HI
Check the /var/adm/syslog/syslog.log file for the error messages related to your failed attempts with root remote logins.

It could be "root" account blocked to login directly (check such restriction in .profile, /etc/profile, inetd.sec) or the host/IP address blocked to login (in inetd.sec)

Thankc.
Prashant.
Take it as it comes.
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎09-24-2002 10:40 AM

‎09-24-2002 10:40 AM

Re: root remote login

At least on 11.0, don't worry about checking /var/adm/inetd.sec. If inetd.sec is denying telnet or (r)login, you won't get to the point where you would enter a loginid or a password.

I hate to ask, but is the root password what you think it should be? Can you login and su to root? It wouldn't be the first time someone has changed the password without letting others know.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Terry Willmann
New Member

‎09-24-2002 10:58 AM

‎09-24-2002 10:58 AM

Re: root remote login

Thank all for the help. The problem was being caused by the root password having an @ sign in it.
I'd rather be golfing
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.