HPE Community
Operating System - Linux
1825810 Members
2547 Online
109688 Solutions
New Discussion

telnet to linux box from remote

 
Mangesh Khatav_1
Advisor

‎05-27-2005 11:05 PM

‎05-27-2005 11:05 PM

telnet to linux box from remote

Hi all,

what should be the entry in /etc/securetty and /etc/pam.d/telnet file to give telnet access to root from remote m/c.

Regards
Mangesh Khatav
0 Kudos
Reply
13 REPLIES 13
Stuart Browne
Honored Contributor

‎05-27-2005 11:14 PM

‎05-27-2005 11:14 PM

Re: telnet to linux box from remote

Remote, are we talking over public networks here?

If so, scrap the idea immediately, and look at using SSH instead, much more secure (and strangely considerably easier).

If you're only talking about trusted local networks, then the only reliable way to do it is to modify '/etc/pam.d/login' and comment out the 'auth required pam_securetty.so' line.

Please not that this method is highly ill-advised! You should be logging in as a non-admin user, and 'su -' to get root access.
One long-haired git at your service...
0 Kudos
Reply
Mangesh Khatav_1
Advisor

‎05-27-2005 11:36 PM

‎05-27-2005 11:36 PM

Re: telnet to linux box from remote

I tried it but still i couldnt telnet from other m/c as a root.I can telnet by other user
what will be the problem.

pls help

Mangesh
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎05-27-2005 11:39 PM

‎05-27-2005 11:39 PM

Re: telnet to linux box from remote

make sure that securetty line in '/etc/pam.d/login' is either fully removed, or fully commented out. That is the only thing that will be restricting it.
One long-haired git at your service...
0 Kudos
Reply
Mangesh Khatav_1
Advisor

‎05-27-2005 11:52 PM

‎05-27-2005 11:52 PM

Re: telnet to linux box from remote

no result.same problem.I renamed the (/etc/pam.d/login)file too. do i have to restart any daemon or service for the same. do i have to give any entry in /etc/securetty file
0 Kudos
Reply
Mangesh Khatav_1
Advisor

‎05-27-2005 11:54 PM

‎05-27-2005 11:54 PM

Re: telnet to linux box from remote

no result.same problem.I renamed the (/etc/pam.d/login)file too. do i have to restart any daemon or service for the same.
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎05-27-2005 11:54 PM

‎05-27-2005 11:54 PM

Re: telnet to linux box from remote

'/etc/pam.d/login' MUST EXIST. Only the 'securetty' line should be removed.

There is nothing you can add to '/etc/securetty' in order to allow a 'telnet' user to log in as 'root'.
One long-haired git at your service...
0 Kudos
Reply
C. Beerse_1
Regular Advisor

‎05-29-2005 09:58 PM

‎05-29-2005 09:58 PM

Re: telnet to linux box from remote

If it is for a one-time telnet login (to install some stuff over the network for example) I find myself renaming /etc/securetty (to /etc/securetty.off) and back once finished.

My idea: if security is an issue, don't use telnet (and rsh/remsh, rlogin, rexec). If security is not an issue, securetty can be off (`mv /etc/securetty /etc/securetty.off`).

If you are somewhere in the middle, keep securetty and telnet. Login with your own account and change to root with `su`, `super` or `sudo` (or s-bits on executables)
make everything as simple as possible, not simpler (A.Einstein??)
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎05-29-2005 10:12 PM

‎05-29-2005 10:12 PM

Re: telnet to linux box from remote


in order to be able to login as root via telnet simply add to /etc/securetty
pts/0
pts/1
pts/2
pts/3
and so on until let's say
pts/10
Unless you want this system to be honey pot for hackers -do not connect it to the public network
0 Kudos
Reply
Huc_1
Honored Contributor

‎05-30-2005 02:12 AM

‎05-30-2005 02:12 AM

Re: telnet to linux box from remote

if setup as above reply's this should should work !
if not then have a check on log files in /var/login this will maybe reveal more info/pointer to problem.

like ex:
tail -20 /var/log/messages
tail -20 /var/log/security

or even better (at the same time that you try to log in as root)

tail -f /var/log/messages

Having said all this unless you have an absolute reason to use to use telnet, do not do this use ssh instead

by using telnet or ftp the user password is transmited in clear on the network (Lan and/or Wan)

Jean-Pierre Huc
Smile I will feel the difference
0 Kudos
Reply
Ross Minkov
Esteemed Contributor

‎05-31-2005 02:11 AM

‎05-31-2005 02:11 AM

Re: telnet to linux box from remote

Mangesh,

First let me repeat the same as the others -- do not use telnet, use ssh instead. Telnet is not secure. If you are in a very trusted network and need to use telnet for some reason, then do not telnet to the root account, telnet to some mortal account and then use sudo or something like it to become surepuser.

Things to check:

Is telnet server installed? Try this:
rpm -qa | grep telnet
if not install it.

Is telnet service enabled?
chkconfig --list | grep telnet
if not enable it:
chkconfig telnet on


Regards,
Ross


0 Kudos
Reply
Bejoy C Alias
Respected Contributor

‎06-02-2005 01:21 AM

‎06-02-2005 01:21 AM

Re: telnet to linux box from remote

The only thing U have to do is to rename or delete the file /etc/securetty and telnet from other clients ( u r telling that u can able to login as other users , means telnet server is working fine , so this should solve the pblm )
Be Always Joy ......
0 Kudos
Reply
Gabriel Jiménez Salazar
Occasional Contributor

‎06-03-2005 11:11 AM

‎06-03-2005 11:11 AM

Re: telnet to linux box from remote

the only only thing you have to do is comment the first line in /etc/pam.d/login and for the telnet server is up remember the telnet service is part of xinetd and that service must be up
0 Kudos
Reply
Suraj Singh_1
Trusted Contributor

‎06-06-2005 10:10 PM

‎06-06-2005 10:10 PM

Re: telnet to linux box from remote

There are 2 ways of doing it:

1. Edit /etc/pam.d/login file, and put a comment (#) in front of the line containing securetty.so, and

2. Edit /etc/securetty, and add all the pseudo ttys in this file, one in each line, like:
pts/0
pts/1
...
...

Regards,
Suraj
What we cannot speak about we must pass over in silence.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.