HPE Community
Operating System - HP-UX
1833785 Members
4487 Online
110063 Solutions
New Discussion

Telnet logins

 
SOLVED
Go to solution
Eugene Klaus
Frequent Advisor

‎04-11-2005 02:11 AM

‎04-11-2005 02:11 AM

Telnet logins

I have a server running HPUX 11.0.
Problem has arisen : any user attempting to log into server using a telnet session is granted access without requesting a password.
I have shutdown inetd until I have this solved.
I have remove an and all .rhosts files and /etc/hosts.equiv. The system has been rebooted.

Any ideas???
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
9 REPLIES 9
Mark Nieuwboer
Esteemed Contributor

‎04-11-2005 02:20 AM

‎04-11-2005 02:20 AM

Solution

Re: Telnet logins

First you can shutdown telnet in
/var/adm/inetd.sec and put in this:
telnet deny

so you won't have to shutdown inetd.

Futher is it a trusted system or is it a non trusted system. If it is a non trusted system did you disable the non-password in the security file? if don't fix it.
0 Kudos
Chris Wilshaw
Honored Contributor

‎04-11-2005 02:23 AM

‎04-11-2005 02:23 AM

Re: Telnet logins

Eugene,

There are 2 possibilities here that I can think of;

1) Users have no passwords. If the password field of /etc/passwd is empty, users won't be asked to enter a password.

2) TAC access control is enabled on the server. This works in a similar way to host equivalency for rlogin. Check the telnetd line in /etc/inetd.conf If this contains the parameter -t, TAC is enabled. This is a security problem, as it works based on the UID number of the account, rather than the user name, so equivalence between hosts is not necessarily to the same user ID. This equivalence is based on /etc/hosts.equiv and local .rhosts files, so if you've removed those, it's unlikely to be this that's the problem.
0 Kudos
harry d brown jr
Honored Contributor

‎04-11-2005 02:23 AM

‎04-11-2005 02:23 AM

Re: Telnet logins


any user name?

What do the following commands

grep telnet /etc/services /etc/inetd.conf

ps -ef | grep -e telnet -e ssh

ls -l /var/adm/inetd.sec

grep -v "^#" /var/adm/inetd.sec

what /usr/lbin/telnetd

return?

If you rebooted then most likely inetd restarted.

live free or die
harry d brown jr
Live Free or Die
0 Kudos
Steven E. Protter
Exalted Contributor

‎04-11-2005 02:30 AM

‎04-11-2005 02:30 AM

Re: Telnet logins

When you shut down inetd users with existing connections will not be logged off.

You can spot them with netstat -an

You have to terminate those users manually until your security problem is solved.

The inetd.sec file can be used to deny access by ip address if warranted. Once again the effect will not be immediate, just on new sessions.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Eugene Klaus
Frequent Advisor

‎04-11-2005 03:10 AM

‎04-11-2005 03:10 AM

Re: Telnet logins

grep telnet /etc/services /etc/inetd.conf
/etc/services:telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b/etc/issue

ps -ef|grep -e telnet -e ssh
eklaus1 3846 3844 8 08:27:22 ? 0:08 sshd: eklaus1@pts/0
root 2506 1 0 06:04:39 ? 0:00 /opt.ssh/sbin/sshd
root 4248 3882 6 10:43:59 pts/0 0:00 grep -e telnet -e ssh
r00t 3844 2506 0 08:27:12 ? 0:01 sshd: eklaus1 [priv]

grep -v "^#" /var/adm/inetd.sec
dtspc allow 127.0.0.1 loopback ese007

I have already shut inetd down using inetd -k.


inetd.conf has been copied from a working 11.0 server.
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
harry d brown jr
Honored Contributor

‎04-11-2005 03:36 AM

‎04-11-2005 03:36 AM

Re: Telnet logins

Can you POST the output of this command again?

grep telnet /etc/services /etc/inetd.conf

because this is VERY wrong:
/etc/services:telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b/etc/issue

It should read:

/etc/services:telnet 23/tcp # Virtual Terminal Protocol
/etc/inetd.conf:telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue


from your output /etc/services has the contents of /etc/inetd.conf - Hopefully just a TYPO of cut & paste

live free or die
harry d brown jr
Live Free or Die
0 Kudos
Eugene Klaus
Frequent Advisor

‎04-11-2005 04:17 AM

‎04-11-2005 04:17 AM

Re: Telnet logins

#grep telnet /etc/services /etc/inetd.conf
/etc/services:telnet 23/tcp #Virtual Terminal protocol
/etc/inetd.conf:telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b/etc/issue
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
Eugene Klaus
Frequent Advisor

‎04-11-2005 05:54 AM

‎04-11-2005 05:54 AM

Re: Telnet logins

I thank you all for your attention to this matter. I have discovered the problem.
We had an abortive effort to install netbackup last week. I never completed.
During that attempt I believe that /etc/pam.conf was over written eliminating the passwd check. This was probably inteded to be temporary.

Upon updating the /etc/pam.conf file with a file from a working system our problem was solved.

I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
Eugene Klaus
Frequent Advisor

‎04-11-2005 05:55 AM

‎04-11-2005 05:55 AM

Re: Telnet logins

Thanks to everyone who responded.
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.