
Re: ssh and telnet

 
Fauziah Mahdan
Super Advisor

ssh and telnet

Hi all,
I have unix 11.23 server called db6 and db7. Installed ssh to these 2 servers.
telnet service still on.
From another windows server under same segment I can use putty and winscp to this db6 and db7.
But from each db6 and db7 I can't telnet each other.
Ivan Krastev
Honored Contributor

Re: ssh and telnet

Check in /etc/inetd.conf if telnet is enabled. Also see for entries in /var/adm/syslog/syslog.log when trying to connect via telnet.


regards,
ivan
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

telnet enable at /etc/inetd.conf
error log found at syslog.log
Nov 28 16:15:11 db6 telnetd[8803]: Time out occurred in the initial option negotiation
Nov 28 16:19:10 db6 sshd[8816]: fatal: Timeout before authentication for 10.x.x.xx
Nov 28 17:11:30 db6 sshd[8988]: Accepted keyboard-interactive/pam for root from 10.x.x.xx port 1082 ssh2
Nov 28 17:11:30 db6 sshd[8988]: subsystem request for sftp
Yogeeraj_1
Honored Contributor

Re: ssh and telnet

hi,

consider applying patch PHNE_33724

Patch Description: s700_800 11.23 telnet kernel, telnetd(1M), telnet(1) patch


also, if you are moving towards a more secured environment, you may as well stop using telnet and use ssh to login to the server.


kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Coolmar
Esteemed Contributor

Re: ssh and telnet

Hi,

When you try and telnet between the servers, do you get an error or does it just "hang" there?

As mentioned above, I would consider not using the insecure telnet at all and switch to ssh seeing as you have it installed.
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

Yes for long term and security issue I will close telnet and ftp services. Use ssh and winscp for telnet and ftp.
But currently I need to find the reason why I can't telnet from each other.
Error appear as :
trying ...
telnet: unable to connect to remote host. connection refused.


I am going to install the patch as requested 1st.


KapilRaj
Honored Contributor

Re: ssh and telnet

can u telnet from the windows machines ?. Are you sure they are all on the same logical tcp/ip subnet ?

a)can you ping ?
b)can u ftp between them?

Regds,

Kaps
Nothing is impossible
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

OK, installed the patches; still does not work.

db6 and db7 in same segment. From unix and windows server in the same segment can telnet and ftp to both servers.
The problem is only from db6 to db7 and the other way around can't telnet and ftp each other but ping reply.
Yogeeraj_1
Honored Contributor

Re: ssh and telnet

hi,

on db6,
do: telnet localhost

on db7,
do: telnet localhost


are you able to get the login prompt?

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

Yes. can
Yogeeraj_1
Honored Contributor

Re: ssh and telnet

hi,

Please confirm that you have also tried:

telnet instead of telnet

and this too does not work...


kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Samir Pujara_1
Frequent Advisor

Re: ssh and telnet

Hi,

It seems your two servers are not in same subnet or having some routing issue. Please verify that you are able to ping from each other OR ssh to each other is working?
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

yogeeraj, I have tried using hostname and IP address; both don't work for telnet and ftp, but ping is OK.
using ssh is ok.
Telnet and ftp from other server is ok.
Only from each other pc cannot. Both are in same segment.
Yogeeraj_1
Honored Contributor

Re: ssh and telnet

hi,

could there be any firewall software installed that is blocking telnet connections?


kind regards
yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

Actually this is new server model rx4640.
After I install ssh HP-UX Secure Shell A.04.30.014/015 to this server only telnet got problem from each other.
Sometimes when I use putty an error comes out as Putty Security Alert.
Warning-Potential Security Breach.
The server's host key does not match the one Putty has cached in registry. This means that either the server administrator has changed the host key, or you have actually connected to another computer pretending to be the server.
The new rsa2 key fingerprint is:
ssh-rsa 1024 0c:ssdsfasfffsdfsdfsf and so on
If you were expecting this change and trust the new key, hit Yes to update the Putty's cache and continue connecting. If you want to carry on connecting but without updating the cache, hit No.
If you want to abandon the connection completely, hit Cancel. Hitting Cancel is the ONLY guaranteed safe choice.

I chose No to proceed and will get login prompt for ssh. if I click Yes it will logout.

Do I need to remove the ssh from the server and download new one and reinstall back later to see how it goes?
Actually I also lost from SAM where to remove this software :-(

Fauziah
Yogeeraj_1
Honored Contributor

Re: ssh and telnet

hi,

Quite difficult to troubleshoot this problem.

If you want to remove ssh from your system before we can further troubleshoot this problem, try to use "swremove"


kind regards
yogeeraj



No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Yogeeraj_1
Honored Contributor

Re: ssh and telnet

hi again,

can you verify the following?

There is an additional inetd security check, which is referenced inside file /var/adm/inetd.conf

Before checking the inetd.conf file, the daemon looks for the restrictions for telnet depending on the incoming IP address of the packet. If it is allowed per the inetd.sec rules, it continues; if not, the other side will see a "connection refused" message and the connection terminates.

hope this helps!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Geetha_1
Regular Advisor

Re: ssh and telnet

Are you running tcpwrappers on this box? If you are, check the /etc/hosts.allow and /etc/hosts.deny files. I agree with Yogeeraj, look at the /var/adm/inetd.sec file. This file can block some machines from coming in.
Geetha.
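
Added example, not part of any post in this thread: a small Python evaluator for the /var/adm/inetd.sec check described in the two replies above, showing how an allow or deny entry can refuse one peer for telnet or ftp while other hosts on the same segment still connect. It assumes the `service allow|deny addresses` line format with `*` and `lo-hi` ranges per address field; the sample rules are constructed, and the simplifications (IPv4 only, host names never match, no backslash continuation, the last entry for a service wins) are assumptions of this sketch.

```python
import ipaddress

# Constructed sample rules (not taken from db6/db7).
SAMPLE_INETD_SEC = """\
# service  allow|deny  addresses
telnet  allow  10.1.1.10-20  192.168.5.*
ftp     deny   10.1.1.7
login
"""

def parse_inetd_sec(text):
    """Return {service: (action, patterns)}; action is None without allow/deny."""
    rules = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        action = fields[1].lower() if len(fields) > 1 else None
        if action in ("allow", "deny"):
            rules[fields[0]] = (action, fields[2:])  # assumption: last entry wins
        else:
            rules[fields[0]] = (None, [])
    return rules

def field_matches(pattern, octet):
    """Match one dotted field: '*', a range 'lo-hi', or a plain number."""
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    hi = hi or lo
    return lo.isdigit() and hi.isdigit() and int(lo) <= octet <= int(hi)

def address_matches(pattern, ip):
    """Shorter patterns act as network prefixes; host names never match here."""
    octets = ipaddress.IPv4Address(ip).packed
    fields = pattern.split(".")
    return len(fields) <= 4 and all(
        field_matches(f, o) for f, o in zip(fields, octets))

def is_allowed(rules, service, ip):
    action, patterns = rules.get(service, (None, []))
    if action is None:  # unlisted, or no allow/deny: every host may connect
        return True
    hit = any(address_matches(p, ip) for p in patterns)
    return hit if action == "allow" else not hit

if __name__ == "__main__":
    rules = parse_inetd_sec(SAMPLE_INETD_SEC)
    for peer in ("10.1.1.15", "10.1.1.21"):
        verdict = "allowed" if is_allowed(rules, "telnet", peer) else "refused"
        print(peer, "telnet", verdict)
```
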
Fauziah Mahdan
Super Advisor

Re: ssh and telnet

Hi,
I found the inetd.conf only at /etc and /usr/newconfig/etc
There is no inetd.conf under /var/adm directory

sample of the contents

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd
# Before uncommenting the "tftp" entry below, please make sure
# that you have a "tftp" user in /etc/passwd. If you don't
# have one, please consult the tftpd(1M) manual entry for
# information about setting up this service.

tftp dgram udp wait root /usr/lbin/tftpd tftpd\
/opt/ignite\
/var/opt/ignite
#bootps dgram udp wait root /usr/lbin/bootpd bootpd
#finger stream tcp nowait bin /usr/lbin/fingerd fingerd
login stream tcp6 nowait root /usr/lbin/rlogind rlogind
shell stream tcp6 nowait root /usr/lbin/remshd remshd
exec stream tcp6 nowait root /usr/lbin/rexecd rexecd
#uucp stream tcp nowait root /usr/sbin/uucpd uucpd
ntalk dgram udp wait root /usr/lbin/ntalkd ntalkd
auth stream tcp6 wait bin /usr/lbin/identd identd


Geetha, I did not run tcpwrappers on this box. I run ssh putty