telnet login as root


Post by Len Rawlin » Sat, 28 Feb 1998 04:00:00




Quote:> I connected Ultra 1 Solaris 2.6 and Pentium Solaris x86 2.5. using 10-T
> ethernet.  I have root ID and password on both machines and I opened telnet
> session from Ultra to x86.  I tried to login as root by typing root on User ID
> prompt, x86 sent an error message "Not on system console" and login failed.
> Could you tell me what I need to do?  Thanks.

What you can do is to make changes in the /etc/default/login script.
However, this is DEFINITELY NOT the preferred method, telnet sends the
password one char at a time in readable text.  There are several things
you can do, I'll give you a few options, others may be able to give you
more.
        1) login as yourself then su - to root
              ( same sort of problem as above except hackers need 2 passwords )
        2) put yourself in a sysadmin group with root like privs
        3) go to the machine and log in as root on it.

Good Luck
Len Rawling

 
 
 


Post by Zebee Johnsto » Sun, 01 Mar 1998 04:00:00



Quote:>password one char at a time in readable text.  There are several things
>you can do, I'll give you a few options, others may be able to give you
>more.
>    1) login as yourself then su - to root
>          ( same sort of problem as above except hackers need 2 passwords )
>    2) put yourself in a sysadmin group with root like privs
>    3) go to the machine and log in as root on it.

4) use secure shell (ssh) as found at http://www.cs.hut.fi/ssh

Given the current state of DES decryption this is not as safe
as option 3) but it's still pretty damn good.

Zebee

 
 
 


Post by William LeFebv » Sun, 01 Mar 1998 04:00:00




Quote:>this is actually a desired security feature -- one enabled in
>/etc/default/login.

But you didn't mention how to turn it off.

Look at the file /etc/default/login.  It will contain the following lines:

# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console

Should be self-explanatory.

HOWEVER.  THIS IS NOT RECOMMENDED for security reasons.

Most security savvy folks would prefer some mechanism for tracking
who becomes root when.  Thus, remote logins as root are not allowed:
one must first login as one's self, then use "su" to become root.
Now the system has a record of who it was that became root.

If you are concerned about typing the root password in over an
unsecure network (which you'd be doing either with a direct login or
an su session), then consider ssh.  By default ssh encrypts every
session.  I *strongly* recommend ssh for any installation concerned
about eavesdroppers.  No, let me rephrase that:  I strongly recommend
ssh for any installation that *should* be concerned about eavesdroppers,
even if they currently are not concerned about the problem!

Quote:> - install ssh.
> - install sudo.
> - install the s/key package

Or just use "su".

--
                                William LeFebvre
                                Group sys Consulting

                                +1 770 813 3224

 
 
 


Post by Thomas W » Mon, 02 Mar 1998 04:00:00



> Given the current state of DES decryption this is not as safe
> as option 3) but it's still pretty damn good.

SRP telnet supports 128-bit CAST encryption.  ssh might support
IDEA - check the version you downloaded.  It probably also has
triple-DES support.
--


  Phone: (650) 725-6969                     or better,' so I installed Linux."
   http://www-cs-students.stanford.edu/~tjw/                Visit my homepage!
 
 
 


Post by Casper H.S. Dik - Network Security Engine » Tue, 03 Mar 1998 04:00:00


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]


>I connected Ultra 1 Solaris 2.6 and Pentium Solaris x86 2.5. using 10-T
>ethernet.  I have root ID and password on both machines and I opened telnet
>session from Ultra to x86.  I tried to login as root by typing root on User ID
>prompt, x86 sent an error message "Not on system console" and login failed.
>Could you tell me what I need to do?  Thanks.

The Solaris FAQ says:

3.7) Why can't I rlogin/telnet in as root?

    >... when I try to rlogin as root ...
    >it gives me the message "Not on system console
    >Connection closed.".  What have I left out?

    Solaris 2 comes out of the box a heck of a lot more secure than
    Solaris 1.  There is no '+' in the hosts.equiv.  root logins are not
    allowed anywhere except the console.  All accounts require passwords.
    In order to allow root logins over the net, you need to edit the
    /etc/default/login file and comment out or otherwise change the
    CONSOLE= line.

    This file's CONSOLE entry can actually be used in a variety of ways:

    1) CONSOLE=/dev/console (default) - direct root logins only on console
    2) CONSOLE=/dev/ttya - direct root logins only on /dev/ttya
    3) CONSOLE= - direct root logins disallowed everywhere
    4) #CONSOLE (or delete the line) - root logins allowed everywhere

    /etc/hosts.equiv is still supported, but there is no default.

    --- end of excerpt from the FAQ

Questions marked with a * or + have been changed or added since
the FAQ was last posted

The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
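
The four CONSOLE cases from the FAQ excerpt above, as a shell check that reports which case a login defaults file is in. This is an added example, not part of any post in this thread; the function names are hypothetical, and it assumes only a line starting exactly with CONSOLE= counts and that the first such line is the one used.

```shell
#!/bin/sh
# Added example (not from the thread): report which of the FAQ's four CONSOLE
# cases a login defaults file is in. Function names are hypothetical.
# Assumption: only a line starting exactly with "CONSOLE=" counts; first wins.

console_policy() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 0; }
    # No active CONSOLE= line (commented out or deleted): FAQ case 4.
    if ! grep '^CONSOLE=' "$file" >/dev/null 2>&1; then
        echo "root-anywhere"
        return 0
    fi
    value=$(sed -n 's/^CONSOLE=//p' "$file" | head -n 1 | tr -d ' \t\r')
    case $value in
        '')           echo "root-nowhere" ;;        # FAQ case 3
        /dev/console) echo "console-only" ;;        # FAQ case 1 (default)
        *)            echo "device-only:$value" ;;  # FAQ case 2
    esac
}

# Constructed sample files, one per FAQ case, so the script runs offline.
demo() {
    dir=$(mktemp -d) || return 0
    printf '%s\n' '# constructed sample' 'CONSOLE=/dev/console' > "$dir/case1"
    printf '%s\n' 'CONSOLE=/dev/ttya'                           > "$dir/case2"
    printf '%s\n' 'CONSOLE='                                    > "$dir/case3"
    printf '%s\n' '#CONSOLE=/dev/console'                       > "$dir/case4"
    for f in case1 case2 case3 case4; do
        printf '%s: %s\n' "$f" "$(console_policy "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
# To audit a live system: console_policy /etc/default/login
```

A result of root-anywhere is the setting the posts above recommend against, since direct root logins leave no record of who became root.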

 
 
 


Post by Sys. Admi » Tue, 03 Mar 1998 04:00:00


Has anyone noticed that if someone has eavesdropped on the root
password ( saw you type it into su say ) they can ftp in as root
and put in an /etc/default/login which doesn't have a CONSOLE=
line and then telnet in all they want...

        I used this to get into my own machine when it was hosed
and I couldn't get to it. Kinda defeats the purpose doesn't it?

--
                                   _
-------------------------------ooO( )Ooo-------------------------------
Kyle J. McDonald                 (o o)                 Systems Analyst/
Northeastern University          |||||          Applications Programmer

360 Huntington Ave. 230SN        \\\//          voice:    (617)373-3361
Boston MA 02115                  (o o)            fax:    (617)373-8504
-------------------------------ooO(_)Ooo-------------------------------

 
 
 


Post by Supak Lailer » Wed, 04 Mar 1998 04:00:00



: Has anyone noticed that if someone has eavesdropped on the root
: password ( saw you type it into su say ) they can ftp in as root
: and put in an /etc/default/login which doesn't have a CONSOLE=
: line and then telnet in all they want...

:       I used this to get into my own machine when it was hosed
: and I couldn't get to it. Kinda defeats the purpose doesn't it?

That's one of the things we need to do when bringing up a new box:
create /etc/ftpusers and put root, bin, sys, et al. in it.

Supak

 
 
 


Post by Doug Hugh » Wed, 04 Mar 1998 04:00:00



Quote:> Has anyone noticed that if someone has eavesdropped on the root
> password ( saw you type it into su say ) they can ftp in as root
> and put in an /etc/default/login which doesn't have a CONSOLE=
> line and then telnet in all they want...

>    I used this to get into my own machine when it was hosed
> and I couldn't get to it. Kinda defeats the purpose doesn't it?

This underscores the importance of having a proper /etc/ftpusers file.
Here's a bare minimum:
root
daemon
bin
sys
adm
lp
smtp
uucp
nuucp
listen

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University

 
 
 


Post by Jonathan Cleme » Wed, 04 Mar 1998 04:00:00




Quote:>Has anyone noticed that if someone has eavesdropped on the root
>password ( saw you type it into su say ) they can ftp in as root
>and put in an /etc/default/login which doesn't have a CONSOLE=
>line and then telnet in all they want...

>    I used this to get into my own machine when it was hosed
>and I couldn't get to it. Kinda defeats the purpose doesn't it?

From the in.ftpd(1M) man page...

     in.ftpd authenticates users according to four rules.

           1)    The user name must be in the password data base,
                 ...

           2)    If  the  user   name   appears   in   the   file
                 /etc/ftpusers, ftp access is denied.

Root should always be in /etc/ftpusers. Even if you supply the correct
root password, root ftp login then fails step two. However, like most
other Unix utilities, ftpd doesn't force you to run in secure mode.

Jonathan Clemens
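
The /etc/ftpusers rule quoted from the in.ftpd man page above, turned into a check that lists system accounts the rule would not block. This is an added example, not part of any post in this thread; the function name, the sample passwd entries and the UID cutoff of 99 for "system account" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list privileged accounts that the
# /etc/ftpusers rule would NOT block. Function name and the UID cutoff
# for "system account" (default 99) are assumptions.

# usage: ftp_unblocked PASSWD_FILE FTPUSERS_FILE [MAX_SYSTEM_UID]
ftp_unblocked() {
    passwd=$1 ftpusers=$2 max_uid=${3:-99}
    # A missing ftpusers file denies nobody; treat it as empty.
    [ -r "$ftpusers" ] || ftpusers=/dev/null
    awk -F: -v max="$max_uid" '
        FILENAME == ARGV[1] {            # ftpusers: one account name per line
            gsub(/[ \t\r]/, "")
            if ($0 != "") denied[$0] = 1
            next
        }
        # passwd: print accounts with uid <= max that are not denied
        $1 != "" && $3 ~ /^[0-9]+$/ && $3 + 0 <= max && !($1 in denied) { print $1 }
    ' "$ftpusers" "$passwd"
}

# Constructed sample data (no real hashes) so the script runs offline.
demo() {
    dir=$(mktemp -d) || return 0
    cat > "$dir/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
alice:x:1001:10:Constructed user:/home/alice:/bin/ksh
EOF
    printf '%s\n' root daemon bin > "$dir/ftpusers"
    echo "partial ftpusers:"; ftp_unblocked "$dir/passwd" "$dir/ftpusers"
    echo "no ftpusers file:"; ftp_unblocked "$dir/passwd" "$dir/absent"
    rm -rf "$dir"
}

demo
# To audit a live system: ftp_unblocked /etc/passwd /etc/ftpusers
```

With no ftpusers file at all, every system account in the sample is reported, root included.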

 
 
 


Post by Kyle McDonal » Wed, 04 Mar 1998 04:00:00


Thanx for all the posts detailing /etc/ftpusers.

I knew all about that before though ;^)

I thought I was responding to a comment on
how Sun had tried to make Solaris more secure by default than
SunOS had been. I was just pointing out that unless the
ftpusers file is installed like that by default, then
they kinda missed the mark.

--
                                   _
-------------------------------ooO( )Ooo-------------------------------
Kyle J. McDonald                 (o o)                 Systems Analyst/
Northeastern University          |||||          Applications Programmer

360 Huntington Ave. 230SN        \\\//          voice:    (617)373-3361
Boston MA 02115                  (o o)            fax:    (617)373-8504
-------------------------------ooO(_)Ooo-------------------------------

 
 
 


Post by John D Groenve » Thu, 05 Mar 1998 04:00:00






>Root should always be in /etc/ftpusers. Even if you supply the correct

Or create an /etc/shells and don't include /sbin/sh

John

 
 
 
