12-16-2011 07:03 AM
I am not able to telent via root user directly, an non-power user is able to telnet from there I can su - in order to get root access.
I am able to access via root from serial console, please note I have installed this server from ignite tape.
Also I have turned off restricted security mode i.e.. tsconvert -r
root user can access from ssh.
Thanks and Regards,
Solved! Go to Solution.
12-16-2011 07:29 AM
You probably have a file called /etc/securetty and the contents of that file is the word 'console'.
# cat /etc/securetty
This means that root is ONLY allowed to login directly from the console. Direct root login via telnet from any other device is not permitted. SSH does not query this file. SSH access via root is controlled via the sshd_config file.
If you want to allow root access from devices other than the console, just rename the file to something else, like /etc/securetty.orig.
I would recommend leaving it as is though. It is good security practice to make admins login as themselves and then su to the root user only when necessary.
12-16-2011 07:38 AM
Thanks for ur quick response, I also gone through tha file and I hashed out this entry, but that did not work.
In order to adopt changes in /etc/securetty, what steps are required.
Secondly, thanks for ur suggestions regarding root user, but customer is asking to remove this security measure.
12-16-2011 09:16 AM
A further explanation of the /etc/securetty file:
The contents of the file are the tty's where root is allowed to log into the system. When the system checks the file '/dev/' will be prepended to whatever is in the file. So, if the word 'console' is in the file then the system will interpret that as /dev/console and that is where root is allowed to log in.
If there is anything else there then /dev/ will be prepended to that. So if you have '#console' in the file then the system may see if as '/dev/#console'. Since that does not match any valid device file, root is not allowed to log in.
If there is nothing in the file, then the system may just see it as /dev/ whis not a valid file either, so again root can't log in.
If you do not want any restrictions on where root can log in from, move or remove the /etc/securetty file. If the file does not exist there are not restrictions for the root login.