
Trusted system Telnet access

 
uspfoms
Regular Advisor

Trusted system Telnet access

HP unix 11i converted to trusted system, now I cannot log on with Telnet. Does trusting a system stop all telnet access to it? If so, can it be turned back on on a trusted system?
David Bellamy
Respected Contributor

Re: Trusted system Telnet access

Yes, telnet will still work.
Fabian Briseño
Esteemed Contributor

Re: Trusted system Telnet access

Hello uspforms.
This should not affect telnet access.

Check /etc/inetd.conf and see if telnet is checked; if it is, uncomment it.


Knowledge is power.
Fabian Briseño
Esteemed Contributor

Re: Trusted system Telnet access

Also, I forgot to mention you need to restart inetd after you modify it in order for changes to take place.


# inetd -c
Knowledge is power.
Tor-Arne Nostdal
Trusted Contributor

Re: Trusted system Telnet access

You can use telnet in a trusted system - but then again, it would be better to not use it ;-)

Also check the file inetd.sec (see man inetd.sec)

Here you can customize the security for programs invoked via inetd.

If you use telnet I would propose that you restrict it to only be allowed within a secure "zone" (ex. LAN not WAN).

HP-UX still has several defaults which are considered insecure. You might have to harden the security for HP-UX's, while you might spend more time on opening a Linux system...

Search for "HP-UX Bastion host" if you want to read more on hardening HP-UX. (Bastion ~= Fortress)


/Tor-Arne
I'm trying to become President of the state I'm in...
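
The inetd.conf and inetd.sec checks suggested in the replies above, as an added shell example that is not part of any poster's reply. The function names and sample file contents are constructed, and the inetd.sec handling assumes the behaviour noted in the comments.

```shell
#!/bin/sh
# Added example (not from the thread): report how telnet is configured for inetd.
# Pass the live files or copies of them; function names are hypothetical.

# telnet_conf_state FILE -> enabled | commented | absent
telnet_conf_state() {
    awk '
        $1 == "telnet"                          { on = 1 }
        /^[ \t]*#[ \t]*telnet[ \t]+stream/      { off = 1 }
        END { print (on ? "enabled" : (off ? "commented" : "absent")) }
    ' "$1"
}

# telnet_sec_rule FILE -> unrestricted | "allow <hosts>" | "deny <hosts>"
# Assumption from inetd.sec(4): a service with no allow/deny entry is open to
# all hosts, and when a service has several entries the last one is used.
telnet_sec_rule() {
    [ -r "$1" ] || { echo unrestricted; return 0; }
    awk '
        $1 == "telnet" && ($2 == "allow" || $2 == "deny") {
            rule = $2
            for (i = 3; i <= NF; i++) rule = rule " " $i
        }
        END { print (rule == "" ? "unrestricted" : rule) }
    ' "$1"
}

# telnet_exposure CONF SEC -> one-line verdict combining both files
telnet_exposure() {
    state=$(telnet_conf_state "$1")
    if [ "$state" != enabled ]; then
        echo "telnet $state in inetd.conf"
    else
        echo "telnet enabled; inetd.sec: $(telnet_sec_rule "$2")"
    fi
}

# Constructed sample files (not taken from any real host).
demo_dir=${TMPDIR:-/tmp}/telnet_audit.$$
mkdir -m 700 "$demo_dir"
cat > "$demo_dir/inetd.conf" <<'EOF'
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd
EOF
cat > "$demo_dir/inetd.sec" <<'EOF'
# service  allow|deny  hosts/networks
telnet     allow       192.168.10.*
EOF
telnet_exposure "$demo_dir/inetd.conf" "$demo_dir/inetd.sec"
```

An "enabled" result together with "unrestricted" is the combination to review, since it means telnet is offered to every host that can reach the machine.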
A. Clay Stephenson
Acclaimed Contributor

Re: Trusted system Telnet access

What may have happened when you converted to trusted was that all the passwords expired. Do a /usr/lbin/modprpw -k user and see if "user" can now login.
If it ain't broke, I can fix that.
Roberto Arias
Valued Contributor

Re: Trusted system Telnet access

Hi all:

Please copy the error. Is it in the login access, password...?

You can check unconverting the system and configuring the C2 policy before converting.
The man is your friend
Bill Hassell
Honored Contributor

Re: Trusted system Telnet access

> now I can not logon with Telnet

This is far too vague to be useful. Do you see anything at all when you start telnet? It should show you the contents of the /etc/issue file before it asks for a login. If not, does it say: connection refused, or connection closed, or does it simply time out with nothing at all shown on your screen?

If you get a login request, does it close the connection before you get a password request? If you can type the correct password, is the password more than 8 characters long?

And finally, did you convert to Trusted with SAM or simply run the tsconvert command? tsconvert will indeed expire *all* user accounts. Root can still login at the system console where you can reset the expired accounts with modprpw as mentioned before.


Bill Hassell, sysadmin