Frequent Advisor
NavyYard
Posts: 35
Registered: ‎05-16-2013
Message 1 of 13 (6,070 Views)
Accepted Solution

only console login allowed into the hp-ux server, can not ssh or telnet into it, any ideas?

Hi All.

I have an HP-UX 11.31 server on a trusted base.

I can log into this server via iLO, but I cannot log into it via ssh, ftp or telnet.

/etc/default/security file is similar to other servers which allow ssh/ftp/telnet in.

Any ideas?

Thanks

Trusted Contributor
donna hofmeister
Posts: 188
Registered: ‎08-29-2008
Message 2 of 13 (6,066 Views)

Have you checked your free space?  What about a tail of syslog?

Acclaimed Contributor
Dennis Handly
Posts: 24,380
Registered: ‎03-06-2006
Message 3 of 13 (6,062 Views)

>but I can not log into it via ssh, ftp or telnet.

What errors do you get?  Do all users fail to login?

Honored Contributor
Bill Hassell
Posts: 14,122
Registered: ‎05-29-2000
Message 4 of 13 (6,045 Views)

Without error messages like "connection refused" or timeout, it is not easy to troubleshoot.  However, with the MP port working and you can login, HP-UX is just fine and your networking is down. Start with /var/adm/syslog/syslog.log. Do you see networking errors? What does lanscan report?

If you have just one LAN port defined such as lan0, what does lanadmin -g 0 show?

Frequent Advisor
NavyYard
Posts: 35
Registered: ‎05-16-2013
Message 5 of 13 (6,028 Views)

When I try to login, I get the following error:

Aug 29 14:11:31 Server sshd[27796]: Failed password for begi from 192.168.50.15 port 40917 ssh2
Aug 29 14:11:36 Server sshd[27827]: SSH: Server;Ltype: Authname;Remote: 192.168.50.15-22887;Name: begi [preauth]
Aug 29 14:11:46 Server sshd[27827]: Failed password for begi from 192.168.50.15 port 22887 ssh2
Aug 29 14:11:50 Server sshd[27827]: Connection closed by 192.168.50.15 [preauth]

I changed my password a few times but it does not let me in. Any advice?

Thanks

Frequent Advisor
NavyYard
Posts: 35
Registered: ‎05-16-2013
Message 6 of 13 (6,027 Views)

Hi!

I can login to other servers from this server but can not login into it from other servers.

Thanks

Frequent Advisor
NavyYard
Posts: 35
Registered: ‎05-16-2013
Message 7 of 13 (6,023 Views)

syslog.log output:

Aug 29 14:53:39 srvr sshd[29917]: SSH: Server;Ltype: Version;Remote: 192.168.50.15-56478;Protocol: 2.0;Client: OpenSSH_6.2p1+sftpfilecontrol-v1.3-hpn13v12
Aug 29 14:53:39 srvr sshd[29917]: SSH: Server;Ltype: Kex;Remote: 192.168.50.15-56478;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Aug 29 14:53:40 srvr sshd[29917]: SSH: Server;Ltype: Authname;Remote: 192.168.50.15-56478;Name: begi [preauth]
Aug 29 14:53:51 srvr sshd[29917]: Failed password for begi from 192.168.50.15 port 56478 ssh2
Aug 29 14:54:02 srvvr sshd[29917]: Connection closed by 192.168.50.15 [preauth]
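
Added example, not part of the original post: a small sh/awk triage that groups sshd syslog lines in the format shown above by sshd PID and reports how far each session got. A session that reaches Authname or "Failed password" has already crossed the network and reached sshd, so the fault lies in authentication. The sample lines are constructed in the thread's log format; the function names and verdict labels are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread).

# Constructed sample in the log format shown above; PIDs 30001/30050 and
# "testuser" are made up for illustration.
sample_log() {
    cat <<'EOF'
Aug 29 14:53:39 srvr sshd[29917]: SSH: Server;Ltype: Version;Remote: 192.168.50.15-56478;Protocol: 2.0;Client: OpenSSH_6.2p1
Aug 29 14:53:40 srvr sshd[29917]: SSH: Server;Ltype: Authname;Remote: 192.168.50.15-56478;Name: begi [preauth]
Aug 29 14:53:51 srvr sshd[29917]: Failed password for begi from 192.168.50.15 port 56478 ssh2
Aug 29 14:54:02 srvr sshd[29917]: Connection closed by 192.168.50.15 [preauth]
Aug 29 15:01:10 srvr sshd[30001]: SSH: Server;Ltype: Authname;Remote: 192.168.50.15-40001;Name: testuser [preauth]
Aug 29 15:01:15 srvr sshd[30001]: Accepted password for testuser from 192.168.50.15 port 40001 ssh2
Aug 29 15:02:00 srvr sshd[30050]: SSH: Server;Ltype: Version;Remote: 192.168.50.15-40002;Protocol: 2.0;Client: OpenSSH_6.2p1
Aug 29 15:02:01 srvr sshd[30050]: Connection closed by 192.168.50.15 [preauth]
EOF
}

# Read syslog lines on stdin; print one line per sshd PID:
#   <pid> <user or -> <verdict> fails=<count>
triage_sshd() {
    awk '
    match($0, /sshd\[[0-9]+\]/) {
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        if ($0 ~ /Ltype: Authname/) {          # user name offered by the client
            u = $0; sub(/.*Name: /, "", u); sub(/ .*/, "", u); user[pid] = u
        }
        if ($0 ~ /Failed password for /) fails[pid]++
        if ($0 ~ /Accepted [a-z-]+ for /) ok[pid] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (ok[p])          v = "accepted"        # network, sshd and auth all fine
            else if (fails[p])  v = "auth-failed"     # reached sshd, password rejected
            else if (p in user) v = "auth-incomplete" # closed before a result
            else                v = "no-auth-attempt" # connected, never offered a user
            printf "%s %s %s fails=%d\n", p, ((p in user) ? user[p] : "-"), v, fails[p]
        }
    }'
}

sample_log | triage_sshd
```

On a live system the input would be /var/adm/syslog/syslog.log, the file named earlier in the thread.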

Frequent Advisor
NavyYard
Posts: 35
Registered: ‎05-16-2013
Message 8 of 13 (6,022 Views)

Hi! Here it is:

# lanadmin -g 0

                      LAN INTERFACE STATUS DISPLAY
                       Thu, Aug 29,2013  12:57:03

PPA Number                      = 0
Description                     = lan0 HP 10GBase-KR Release CUP3_IOCXGBE_B.11.31.1109
Type (value)                    = ethernet-csmacd(6)
MTU Size                        = 1500
Speed                           = 1000000000
Station Address                 = 0xd4c9ef062798
Administration Status (value)   = up(1)
Operation Status (value)        = up(1)
Last Change                     = 288
Inbound Octets                  = 12201770
Inbound Unicast Packets         = 0
Inbound Non-Unicast Packets     = 71449
Inbound Discards                = 0
Inbound Errors                  = 0
Inbound Unknown Protocols       = 71449
Outbound Octets                 = 0
Outbound Unicast Packets        = 0
Outbound Non-Unicast Packets    = 0
Outbound Discards               = 0
Outbound Errors                 = 0
Outbound Queue Length           = 0
Specific                        = 655367

Ethernet-like Statistics Group

Index                           = 1
Alignment Errors                = 0
FCS Errors                      = 0
Single Collision Frames         = 0
Multiple Collision Frames       = 0
Deferred Transmissions          = 0
Late Collisions                 = 0
Excessive Collisions            = 0
Internal MAC Transmit Errors    = 0
Carrier Sense Errors            = 0
Frames Too Long                 = 0
Internal MAC Receive Errors     = 0

Thanks

Honored Contributor
Matti_Kurkela
Posts: 6,242
Registered: ‎12-02-2001
Message 9 of 13 (6,014 Views)

The error messages in the log seem to indicate a password authentication failure.

Did you use the console to change your password? Did your password include characters "@" or "#"?

If you used either of those characters on the console, your password may not be set to what you think it is: for historical reasons, HP-UX console can sometimes have very ancient default settings. In that situation, "#" acts as you would normally expect the backspace key to act. And the "@" character causes the system to ignore what you've entered on the command line or prompt so far, and start afresh.

Some old versions of the commercial SSH server also used to have this behavior on SSH sessions too.

Unless you've applied the necessary configuration change to avoid this problem system-wide, you might want to avoid these characters in your passwords. And as an HP-UX sysadmin, you should be aware of this behavior as you might still see it in some situations - like when booting a system to single user mode.

Also, if your system has only recently been converted to trusted mode, it may have been that only the first 8 characters of your (original) password had been stored. In the traditional (= non-trusted and non-shadow) mode, this can go unnoticed, since the password checking function will likewise truncate its input to 8 characters. But after switching to trusted mode, this truncation behaviour goes away - and if your password contains more than 8 characters, it will no longer match the stored password from the traditional mode, which only contains the first 8 characters.

Fortunately, the workaround for this problem is easy: try typing only the first 8 characters of your password to log in, then make sure the trusted mode is configured to accept longer passwords, and change your password once. After that, only the long form should be accepted.

MK
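
Added example, not part of the original post: a sh/awk model of the two effects described above, the legacy console erase ('#') and kill ('@') characters and the 8-character truncation of traditional mode. Password hashing is replaced by a plain comparison of the significant characters, and the function names and sample passwords are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread). Sample passwords are constructed.

# What a program receives when $1 is typed on a tty whose erase character
# is '#' and whose kill character is '@' (the legacy defaults described above).
effective_input() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "#") {            # erase: drop the previous character
                if (length(out) > 0) out = substr(out, 1, length(out) - 1)
            } else if (c == "@") {     # kill: discard everything typed so far
                out = ""
            } else {
                out = out c
            }
        }
        print out
    }'
}

# Traditional (non-trusted, non-shadow) mode: only 8 characters are significant.
significant_traditional() {
    printf '%s\n' "$1" | cut -c1-8
}

# Would typing $3 be accepted for a password originally set as $2?
# Assumption: hashing is modelled as comparing the significant characters.
#   traditional: stored value and typed input are both cut to 8 characters
#   converted:   stored value came from traditional mode (8 characters),
#                but the typed input is now compared in full
login_matches() {
    stored=$(significant_traditional "$2")
    case $1 in
        traditional) [ "$stored" = "$(significant_traditional "$3")" ] ;;
        converted)   [ "$stored" = "$3" ] ;;
        *)           return 2 ;;
    esac
}

# Demo with constructed values.
echo "typed 'Pa#ss@w0rd#' on the console -> stored as '$(effective_input 'Pa#ss@w0rd#')'"
for typed in 'Summer2013!x' 'Summer20'; do
    for mode in traditional converted; do
        if login_matches "$mode" 'Summer2013!x' "$typed"; then r=accepted; else r=rejected; fi
        echo "$mode mode, typed '$typed': $r"
    done
done
```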
Trusted Contributor
Emil Velez_2
Posts: 117
Registered: ‎01-15-2002
Message 10 of 13 (5,964 Views)

Try adding another user and logging in with that user.

Look for a file /etc/securetty. That could prevent root from logging in.

Also check /etc/opt/ssh/sshd_config. It could prevent root from logging in.

Emil Velez
HP UNIX Certified (CSA, CSE HPUX 11i High Availability) HP Software (Openview) Certified Consultant
Certified HP Instructor, Technical Certified I and II SMB and Enterprise
Master ASE Superdome Solutions

HP Education Services

Ask me about training on Blades, Proliant, HP-UX, ServiceGuard, Polyserve, X9000, Virtual Libraries, and High Availability

internet: Emil.Velez@hp.com
Linkedin: http://www.linkedin.com/in/emilvelez

Regular Advisor
Ajin_1
Posts: 192
Registered: ‎06-09-2009
Message 11 of 13 (5,955 Views)

Hi

Your root profile may be corrupted. Also check your firewall settings.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Occasional Advisor
Mike755
Posts: 15
Registered: ‎01-10-2013
Message 12 of 13 (5,935 Views)

Good ideas on here and I'd go with creating a new user and seeing if that user can log in.

You may find out that you need to re-enable the account you're having issues with.  If on 11.31 it's a lot different administrating user accounts.  Instead of using "modprpw" type commands that were simple for troubleshooting you need to use "userdbxxx" commands.

Try this for kicks to see if it helps:

From ILO logged into console as root user:

userdbset -d -u bergi auth_failures  (Assuming bergi is the username you're having issues with.)

If you find no users can get in then:

It's been a while but here are a few things to check out off top of my head.

If you don't want to use DNS any longer then move out the /etc/nsswitch.conf file so it's not read any longer.  The default at mention is only an example so won't work without putting in correct DNS information.  This also goes in the /etc/resolv.conf file where you could run a "nslookup" on the IP you put in there if using DNS to see if it resolves correctly.  So if using DNS both these files should be populated, if not then neither should exist and /etc/hosts will be used.

SFTP my guess is working but not all your PCs have the client software installed to connect?

LDAP I would bet you are not using it.  I just worked on getting it configured here on our Itanium servers and told first Fiserv client to do this (Fiserv would not assist without an engagement and we felt didn't have the knowledge for us to pay them…I worked directly with HP).  It's slick and way cool but extremely complex in some areas but working great so far.

If you want to just test something check out your /etc/inetd.conf file.  If done correctly you should see either commented out lines and or code showing FTP/Telnet listed in here.  This is where you disable various protocols and or implement them to be available.  If you do make a change save original copy (use comments too so you have code needed to disable/enable say telnet as an example).  If you want "telnet" enabled be sure it's uncommented or it defaults to only SSH.

You will have to bounce the listener in order for the change to take effect.  They say you can use the "inetd -c" command to have the kernel updated but this command had issues a while back might be better now.  Can test it but if doesn't re-read in the changes then bounce as shown below.  This will cut off Internet Services during that short time if bounced rather than re-read using "inetd -c".

# date
Thu Aug 29 10:17:00 EDT 2013
# ll -d /etc/inetd.conf
-rw-r--r--   1 root       sys           6737 Aug 23 13:04 /etc/inetd.conf
# ps -ef | grep -i inetd | grep -v grep
    root 24621     1  0 10:15:04 ?         0:00 /usr/sbin/inetd -l
# inetd -c
# ps -ef | grep -i inetd | grep -v grep
    root 24621     1  0 10:15:04 ?         0:00 /usr/sbin/inetd -l
# /sbin/init.d/inetd stop
Internet Services stopped
# ps -ef | grep -i inetd | grep -v grep
# /sbin/init.d/inetd start
Internet Services started
# ps -ef | grep -i inetd | grep -v grep
    root 24656     1  0 10:17:50 ?         0:00 /usr/sbin/inetd -l
#

Thanks, Mike

Legalize Freedom
Frequent Advisor
NavyYard
Posts: 35
Registered: ‎05-16-2013
Message 13 of 13 (5,913 Views)

Thank you for all the replies.

I had to boot the system in single user mode so I could login, untrust the system, reset the passwords for all accounts and trust the system again to fix the problem.

Thanks for all the replies.