Operating System - HP-UX

Chelsea Matej_1
New Member

telnet and restricting root access

I need to connect to one of our servers via telnet as root. HPUX 10.2 from within our network. When I try, I get the message login incorrect. After searching the archives, I found references to /etc/ftpd and modifying the files ftpaccess or ftpusers. None of these exist on this server. I was thinking that this may be the problem, however, none of our 10.2 servers have this dir or files and they work fine.

The db admin thinks that the last sys admin changed some global variable or environment parameter to disallow root access to telnet.

Is anyone aware of how this may be done?

Thanks. C
Sridhar Bhaskarla
Honored Contributor

Re: telnet and restricting root access

Hi,

Look at the contents of /etc/securetty file. It restricts the login for root.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Sanjay_6
Honored Contributor

Re: telnet and restricting root access

Hi Chelsea,

Look for the file "securetty" in /etc. If this file exists and if it has an entry console in it, you can login as root only from the console. From all other tty, you can login as some other user and then do a "su -" to go as root.

If you want to login as root using telnet, you can move this file out of the way, delete it or rename it and then do a telnet to the system as root.

Hope this helps.

Regds
Peter Kloetgen
Esteemed Contributor

Re: telnet and restricting root access

Hi Chelsea,

you can use SAM to find out. Go to security and then check it out for telnet service. You can disable access with a lot of services for all, for specified networks, for hosts or for users.

But remember, telnet as root is a security hole!!! Telnet service uses no data encryption so better login as normal user and then make a switch user with su - command.

Always stay on the bright side of life!

Peter
I'm learning here as well as helping

Re: telnet and restricting root access

Take a look at the file:

/etc/securetty

This contains a list of all terminals from which a user may login directly as root. Chances are it just has the word "console" in it, which means you can only log in as root from the console.

To remove this protection, delete the file (DON'T just take the console line out of the file, that will prevent login directly as root from anywhere!)

I would advise against this however... much better practice is to login as a normal user, and then use 'su -' to become root.

HTH

Duncan

James R. Ferguson
Acclaimed Contributor

Re: telnet and restricting root access

Hi:

Check for '/etc/securetty'. If it exists this may be your problem. You would find a line:

root console

This would allow root to login to the console (only).

Regards!

...JRF...
PIYUSH D. PATEL
Honored Contributor

Re: telnet and restricting root access

Hi,

1. Check for the IP addresses in /etc/hosts
2. Check the /etc/securetty file
3. Check the .rhosts file in root's home directory

Piyush
MANOJ SRIVASTAVA
Honored Contributor

Re: telnet and restricting root access

Also check for /etc/shells. I think that is because someone has defined /bin/sh there, so it will say root access denied.

Just delete that file or rename it.


Manoj Srivastava
Shahul
Esteemed Contributor

Re: telnet and restricting root access


Hi

Are you able to login as normal user from the same machine? If yes, this can be because of /etc/securetty. Just move this file and see whether you are able to login or not. If you are able to login as other users, but not root, then try this:

Login as normal user, then

$ su -


If you are not able to login at all from this machine, check for an entry in /var/adm/inetd.sec. Remove this and try.

Best of luck
Shahul
Chelsea Matej_1
New Member

Re: telnet and restricting root access

Thanks everyone for your assistance. I think that I will leave the securetty file the way it is. Then the db admin can just su -.

At least now, I know what is going on.

Chelsea
Fred Martin_1
Valued Contributor

Re: telnet and restricting root access

I think that's wise ... if you force them to 'su' to root, then there is a log entry as to which user su'd to root, since they have to log in as themselves, first.
fmartin@applicatorssales.com
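
The three /etc/securetty states described in the replies above (file missing, file with no entries, file listing only console) can be told apart with a short audit script. This is an added example, not code from any poster in the thread; the function names are hypothetical and it assumes one terminal name per line, with blank lines ignored.

```shell
#!/bin/sh
# Added example: classify the direct-root-login policy implied by a
# securetty file, following the behaviour described in this thread.
# Assumption: one terminal name per line; blank lines are ignored.

securetty_policy() {
    file=$1
    # No file at all: direct root login is not limited to any terminal.
    if [ ! -e "$file" ]; then
        echo "unrestricted"
        return 0
    fi
    # Collect non-blank entries with surrounding whitespace trimmed.
    entries=$(awk 'NF { $1 = $1; print }' "$file")
    # File present but empty: no terminal is allowed, console included.
    if [ -z "$entries" ]; then
        echo "blocked"
        return 0
    fi
    if [ "$entries" = "console" ]; then
        echo "console-only"
        return 0
    fi
    # Anything else: report every listed terminal for manual review.
    echo "listed:$(echo "$entries" | paste -s -d, -)"
}

securetty_report() {
    policy=$(securetty_policy "$1")
    case $policy in
        unrestricted) echo "WARN: $1 missing, root can log in directly over telnet" ;;
        blocked)      echo "NOTE: $1 has no entries, direct root login refused everywhere" ;;
        console-only) echo "OK: direct root login limited to the console, use su - elsewhere" ;;
        *)            echo "REVIEW: $1 allows root on ${policy#listed:}" ;;
    esac
}

# Report on the path given as the first argument, or the system file.
securetty_report "${1:-/etc/securetty}"
```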