Re: telnet/root

 
SOLVED
Nobody's Hero
Valued Contributor

telnet/root

When I log in directly to my RH8 system from the console, as root, I have no problem. When I telnet to this system and log in as root, it denies me. How can I change this so I can log in as root from a telnet session, even though I know you should always su to root?

10x
RPM
UNIX IS GOOD
7 REPLIES 7
Steven E. Protter
Exalted Contributor
Solution

Re: telnet/root

This is an installation default of Red Hat 8.

Console root login is permitted, telnet root login is not.

The reason for this is because telnet transmits passwords back and forth to the terminal in clear text, even if that person is on the other end of the public internet.

This makes your root password vulnerable.

You really should not change this default. You can use secure shell, PuTTY Windows client and do direct login as root.

Now that I've lectured you, here is how to change it, should you wish to compromise security.

There is a file called /etc/securetty

In it is a list of the terminals root is allowed to log in on. Add the terminals or pseudo terminals that telnet uses to this file.

Please don't do this.

I will be happy to provide you information on how to do what you wish securely.

Steve "I work for points" Protter
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Balaji N
Honored Contributor

Re: telnet/root

Sorry to jump in. Nice response "I want points" SEP.

But the reason why direct root login is disabled is not because of passwords being transferred over plain text.

Even if he logs in as a normal user and then does a su, the password can be trapped.

The whole idea is that a hacker needs to break two passwords to get root access on a box. It kind of increases the security, which anyhow was not there.

And ssh is the way to go.

cheers
-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
Avinoam
Frequent Advisor

Re: telnet/root

There are 2 ways:

1. You can edit the /etc/pam.d/rlogin file and comment out the line:

auth required /lib/security/pam_securetty.so

which will disable the use of the securetty file altogether.
(Very much _not_ recommended, but I thought I should mention it.)

2. If you edit /etc/securetty and add pts[0-f] (formerly ttyp[0-f]) you should be able to log in as root via telnet.

Sababa
Claudio Cilloni
Honored Contributor

Re: telnet/root

I agree with SEP, using ssh is a good idea. Another useful thing about ssh (at least for me) is that it lets you log in remotely without typing a password; it does this in a secure way, generating an RSA public key stored on the remote machine. I do this in my private (trusted) network, but not for the root user! Typing the root password reminds me one more time that I'm becoming sysadmin.

'man ssh' explains everything.

Ciao
Claudio
Sunil Sharma_1
Honored Contributor

Re: telnet/root

Hi,

I am also facing the same problem, and after taking the mentioned steps I am still not able to log in through telnet.

The /etc/pam.d/rlogin and /etc/securetty files are attached.
Please look into these files and tell me where I am wrong.

Thanks in advance

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
Balaji N
Honored Contributor

Re: telnet/root

Don't touch your PAM files until you really know what you are doing, else you're probably going to land with a system which doesn't allow you to log in.

my bit of caution.
-b-
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
Caesar_3
Esteemed Contributor

Re: telnet/root

Hello!

If the security doesn't matter to you
you can remove the /etc/securetty
then all would be allowed.

Caesar
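
As an added example that is not part of the original thread: a shell check for detecting the three changes described in the replies above (pseudo-terminal entries in /etc/securetty, a commented-out pam_securetty.so line, a removed securetty file). The function names and output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added audit example, not code from the thread. File paths are passed as
# arguments so the checks can run on copies as well as on the live files:
#   audit_securetty /etc/securetty
#   audit_pam /etc/pam.d/rlogin

# audit_securetty FILE
# Prints one finding per line; returns 1 if root login is opened up.
audit_securetty() {
    file=$1
    if [ ! -e "$file" ]; then
        # As stated in the thread: with the file removed, all is allowed.
        echo "MISSING: $file does not exist, root allowed on any terminal"
        return 1
    fi
    # Pseudo-terminal names (pts..., ttyp...) are the ones telnet uses.
    if grep -qE '^[[:space:]]*(pts|ttyp)' "$file"; then
        grep -nE '^[[:space:]]*(pts|ttyp)' "$file" | sed 's/^/PTY-ENTRY line /'
        return 1
    fi
    return 0
}

# audit_pam FILE
# Returns 1 when the PAM service file has no active (uncommented)
# auth line that loads pam_securetty.so.
audit_pam() {
    file=$1
    if grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so' \
        "$file" 2>/dev/null; then
        return 0
    fi
    echo "NO-SECURETTY: $file has no active pam_securetty.so auth line"
    return 1
}
```

A non-zero return from either function means root login over telnet or rlogin may be possible on that host.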