HPE Community
Operating System - Linux
1827706 Members
2946 Online
109967 Solutions
New Discussion

root blocked for network services

 
SOLVED
Go to solution
Tiago Marques_2
Advisor

‎07-16-2002 11:51 AM

‎07-16-2002 11:51 AM

root blocked for network services

Hi!

I'm tying to connect my Linux server by telnet, ftp, rlogin services, but, using the user root I can't get access, and using other users there is no problem. The message returned for the root when I try to use any network service is that the login is incorrect.
Do I need configure any access file to provide the access for the root user??

Thanks!
eestimq
0 Kudos
Reply
7 REPLIES 7
Steven Mertens
Trusted Contributor

‎07-16-2002 12:13 PM

‎07-16-2002 12:13 PM

Re: root blocked for network services

hi,

I assume you use a redhat distro :

for telnet add the following lines to
/etc/securetty

pts/0
pts/1
pts/2
...

for rlogin add the following line to
/etc/securetty

rlogin

for ftp (assume wu-ftp) add the following
to /etc/ftpaccess

allow-uid root
allow-gid root

Remember that it's not safe to use telnet
or rlogin , ssh is much better

Hope this helps.

Regards

Steven
0 Kudos
Reply
Steven Mertens
Trusted Contributor

‎07-16-2002 12:14 PM

‎07-16-2002 12:14 PM

Re: root blocked for network services


... i forgot , i think its also nessasary
to restart xinetd before it will work

-> service xinetd restart
0 Kudos
Reply
I_M
Honored Contributor

‎07-16-2002 05:55 PM

‎07-16-2002 05:55 PM

Solution

Re: root blocked for network services

Hi

Talking about telnet login by root, you need to change /etc/pam.d/login.

Find following line, then make it "comment".

auth required /lib/security/pam_securetty.so

Without this line, telnet login never check /etc/securetty file.

Good luck
Reply
Peter Kloetgen
Esteemed Contributor

‎07-17-2002 04:02 AM

‎07-17-2002 04:02 AM

Re: root blocked for network services

Hi Tiago,

you can also mv the securetty file:

mv /etc/securetty /etc/securetty.save

this prevents all network services to look into this file. You will also have to change a parameter in the telnet- file :

disable = yes --> change it to "no", otherwise root will never be able to telnet anything.

And yes, you *have* to restart xinetd.

This should do it for you, but as allready mentioned, never forget, telnet as root is a sucurity hole! Better telnet the remote host as a normal user and then do a su to root...

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Tiago Marques_2
Advisor

‎07-17-2002 04:11 AM

‎07-17-2002 04:11 AM

Re: root blocked for network services

Why using Telnet with root it's so unsecure??
eestimq
0 Kudos
Reply
Peter Kloetgen
Esteemed Contributor

‎07-17-2002 06:48 AM

‎07-17-2002 06:48 AM

Re: root blocked for network services

Hi Tiago,

when you are telnetting to a remote host, you are forced to give a root password..... and the telnet service is using *no* data encryption. So if anybody in your network has a sniffer software....(like nettl on HP-UX or snoop on Solaris) he simply gets your root password. And this *is* unsecure! Further on, telnet sessions are relatively easy to overtake when you finish them.

So the better choice is *never* to telnet as root directly but do a switch user on the remote host to root. Or to use some terminal emulator software that use data encryption, like ReflectionX or Hummingbird Exeed.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Soumen Ghosh_1
Occasional Advisor

‎07-29-2002 03:39 AM

‎07-29-2002 03:39 AM

Re: root blocked for network services

Hello,

One small thing. Restarting 'xinetd' in this case is not necessary. If 'xinetd' has to be reconfigured, issuing the following command :
kill -SIGUSR1 `cat /var/run/xinetd.pid`
would reconfigure 'xinetd' service without stopping it.
Thanks.

Soumen Ghosh
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.