HPE Community
Operating System - Linux
1827794 Members
2352 Online
109969 Solutions
New Discussion

Re: How come I cannot telnet to LINUX using root user id?

 
Rashid Ali
Frequent Advisor

‎06-01-2001 05:12 PM

‎06-01-2001 05:12 PM

How come I cannot telnet to LINUX using root user id?

I was wondering how come I cannot telnet to LINUX from Win98/NT using root user id, because I can login as normal user and then run su to become root user.

Thanks,
0 Kudos
Reply
8 REPLIES 8
Denver Osborn
Honored Contributor

‎06-01-2001 06:33 PM

‎06-01-2001 06:33 PM

Re: How come I cannot telnet to LINUX using root user id?

Does the /etc/securetty file exist? If it does and there isn't an entry for the port you're coming from then you won't be able to login as root. Either move the /etc/securetty file aside or add an entry for where you want root to be allowed access from. Keep in mind that by moving the file aside, root will be allowed login from anywhere.

Hope this helps
-denver
0 Kudos
Reply
Vincenzo Restuccia
Honored Contributor

‎06-05-2001 01:13 AM

‎06-05-2001 01:13 AM

Re: How come I cannot telnet to LINUX using root user id?

#mv /etc/securetty /tmp
0 Kudos
Reply
Rashid Ali
Frequent Advisor

‎06-05-2001 06:29 PM

‎06-05-2001 06:29 PM

Re: How come I cannot telnet to LINUX using root user id?

Yes, there is such a file. But there are tty device names already defined there, tty1,tty2,tty3,etc. One device one line. After I add in an entry "128.188.3.92", I still cannot telnet in as root until I move it to /tmp. Is there any way to add in such an entry so that only certain(defined) PC hosts are allowed to telnet as root?
0 Kudos
Reply
Nick Snellock
New Member

‎06-06-2001 11:17 AM

‎06-06-2001 11:17 AM

Re: How come I cannot telnet to LINUX using root user id?

It is better to follow the default setting for this and to log in as another user. You can then use the su or su - command to become root once you are logged in. This has been set up like this as a security measure to provide some protection for your system.
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

‎06-06-2001 04:08 PM

‎06-06-2001 04:08 PM

Re: How come I cannot telnet to LINUX using root user id?

Zhang, that is precisely how to set it up.

Puzzling that you can telnet in as regular user but not as root when your ip is in the securetty file. I'm assuming that this is true from the same machine. (eg. from machine A: telnet linux.box -l joeuser -->success
A: telnet linux.box -l root --> failure )

If this is not the case, but rather you cannot telnet in at all, check the (RH 7.0 +>)
/etc/xinetd.d/telnet file for disable = no, and set that to yes instead. (or /etc/inetd.conf for <=RH 6.2)
0 Kudos
Reply
Rashid Ali
Frequent Advisor

‎06-06-2001 04:58 PM

‎06-06-2001 04:58 PM

Re: How come I cannot telnet to LINUX using root user id?

I was also wondering whether in Linux there is such a file similar to /var/adm/inetd.sec in HP-UX whereby you can define which host has what kind of access to the server such as telnet,ftp,etc.(deny--yes/no).

It seems your solution or Linux's solution is not so flexible. What's the syntax of /etc/securetty? It seems I cannot just add in some hosts' IP address to allow them login as root. Linux either don't allow any remote login as root or allow login as root from any remote host. Am I right?
0 Kudos
Reply
Laurent Paumier
Trusted Contributor

‎06-07-2001 04:13 AM

‎06-07-2001 04:13 AM

Re: How come I cannot telnet to LINUX using root user id?

/etc/securetty only defines terminals (device files) on which you are able to logon as root. It has nothing to do with network security such as "from which host do we accept telnet connections". For that, you can configure service/hosts you accept/reject in the files /etc/hosts.allow and /etc/hosts.deny. Do a "man hosts_access" for more information.
0 Kudos
Reply
Sorrel G. Jakins
Valued Contributor

‎06-12-2001 08:49 AM

‎06-12-2001 08:49 AM

Re: How come I cannot telnet to LINUX using root user id?

If you make a syntax error in /etc/securetty then that entry is ignored.

BTW Zhang, you need to assign points to these responses, otherwise soem of the regulars will stop replying to you.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.