HPE Community
Operating System - Linux
1827892 Members
1923 Online
109969 Solutions
New Discussion

Re: Login as root

 
SOLVED
Go to solution
peterchu
Super Advisor

‎02-19-2004 05:06 PM

‎02-19-2004 05:06 PM

Login as root

In our system , the root can't login directly , it can only login as gerenal user then "su" to root , how to make the root user can login directly ? thx.
0 Kudos
Reply
14 REPLIES 14
Mark Grant
Honored Contributor

‎02-19-2004 06:44 PM

‎02-19-2004 06:44 PM

Solution

Re: Login as root

Remove /etc/securetty or add all the terminals that you want root to be able to log in from.

This file contains a list of terminals root can log on to.
Never preceed any demonstration with anything more predictive than "watch this"
Reply
peterchu
Super Advisor

‎02-19-2004 06:54 PM

‎02-19-2004 06:54 PM

Re: Login as root

thx reply , for the second method , I want my pc can login as root through the telnet function , what terminaal that I should add to ? thx.
0 Kudos
Reply
Mark Grant
Honored Contributor

‎02-19-2004 07:01 PM

‎02-19-2004 07:01 PM

Re: Login as root

This might get a bit irritating for you and isn't particularly secure but you have to add all the "pseudo" tty's that you are likely to use. If you only have a few users then it's not so bad though.

You could start off by adding these

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7

If you find you run out and you can't log in, just add more of them.

To find out what tty you are currently using run "tty". However, you may well get a different pseudo tty each time you connect. You just have to add all of the ones you are likely to use.
Never preceed any demonstration with anything more predictive than "watch this"
Reply
PVR
Valued Contributor

‎02-19-2004 08:43 PM

‎02-19-2004 08:43 PM

Re: Login as root

Don't do this. This is not at all advised.

edit /etc/securetty and add
pts/0
pts/1


Don't give up. Try till success...
0 Kudos
Reply
Sunil Sharma_1
Honored Contributor

‎02-19-2004 08:48 PM

‎02-19-2004 08:48 PM

Re: Login as root

This si an extra layer of security. Please bear with this it will help you if somebody will play with your system.

even if you want to login as root from PC put the entries in /etc/securtty file.


Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎02-20-2004 12:03 AM

‎02-20-2004 12:03 AM

Re: Login as root

I'd go with Mark Grant's advise rather than PVR's since if (for example) you use X and open a terminals there - then each terminal would occupy respective /dev/ptsX and you may simply run out of the permitted terminals .To see who's logged and where use the w command.
As for security -since you do enable telnet not to mention for root-I understand that the security is not the issue here.
Reply
Paul Cross_1
Respected Contributor

‎02-20-2004 05:39 AM

‎02-20-2004 05:39 AM

Re: Login as root

Just wanted to add 2 cents to the security thread here. I don't see how logging in with telnet as userx and running "su - root" is more secure than logging in directly as root. Someone snooping your network is going to get your passwords regardless.
0 Kudos
Reply
Olivier Drouin
Trusted Contributor

‎02-20-2004 06:36 AM

‎02-20-2004 06:36 AM

Re: Login as root

If you use SSH

/etc/ssh/sshd_config
PermitRootLogin yes
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎02-20-2004 01:22 PM

‎02-20-2004 01:22 PM

Re: Login as root

You really should have a look at ssh for root logins. It gives you all that telnet does, but since the password is sent encrypted it is much more secure.

Basic usage: ssh root@

Greetings, Martin
0 Kudos
Reply
Mark Travis
Frequent Advisor

‎02-20-2004 02:09 PM

‎02-20-2004 02:09 PM

Re: Login as root

pcross --

Requiring an "su" keeps somebody from brute-forcing the root password remotely. You're right that if they eavesdrop the connection that they get it either way. But with root-enabled telnet it's possible for an attacker to keep trying root passwords forever across the network and eventually they'll get in.

So disabling root access from telnet (or ssh for that matter) adds at least one more step somebody has to go through to own the system.
0 Kudos
Reply
bong_3
Advisor

‎02-21-2004 12:57 AM

‎02-21-2004 12:57 AM

Re: Login as root

hi there,

i suggest you use ssh...
ssh [ip add] you can remote log in as root directly and offers security as well.

rgds,
Bong
0 Kudos
Reply
Paul Cross_1
Respected Contributor

‎02-23-2004 05:14 AM

‎02-23-2004 05:14 AM

Re: Login as root

Mark Travis:
But is ssh really any different? I could sit and type root passwds for root-enabled ssh until my fingers are nubs.
0 Kudos
Reply
Chris Vail
Honored Contributor

‎02-23-2004 09:39 AM

‎02-23-2004 09:39 AM

Re: Login as root

Many responders have missed the point of having an /etc/securetty file. Logging in as root using telnet, remsh or rsh does not leave an audit trail. However, if you log into a private user, and use the su command, this is logged in the syslog file. This is part and parcel of any reasonably secure system. In a shop where multiple people have the root account, merely looking at this log tells you who actually was on the system when it was screwed up.
As a rule, secure shell is a superior way to go, as it also writes logs, but if its configured properly will not challenge for a password, yet still be secure.


Chris
Reply
Martin P.J. Zinser
Honored Contributor

‎02-23-2004 01:40 PM

‎02-23-2004 01:40 PM

Re: Login as root

Hello,

also to note, there is a root on every unix system I ever worked on, so this is a known good account to attack. Throwing in a "normal" user account in between means one more thing to guess for an outside attacker (does not help against internals though).

Greetings, Martin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.