Valued Contributor
NavyYard
Posts: 46
Registered: ‎05-16-2013
Message 1 of 13 (7,840 Views)
Accepted Solution

only console login allowed into the hp-ux server, can not ssh or telnet into it, any ideas?

Hi All.

 

I have a HP-UX 11.31 server on a trusted base.

 

I can log in to this server via iLO, but I cannot log into it via ssh, ftp or telnet.

 

/etc/default/security file is similar to other servers which allow ssh/ftp/telnet in.

 

Any ideas?

 

Thanks

Trusted Contributor
donna hofmeister
Posts: 191
Registered: ‎08-29-2008
Message 2 of 13 (7,836 Views)


Have you checked your free space?  What about a tail of syslog?

Acclaimed Contributor
Dennis Handly
Posts: 25,290
Registered: ‎03-06-2006
Message 3 of 13 (7,832 Views)


>but I can not log into it via ssh, ftp or telnet.

 

What errors do you get?  Do all users fail to login?

Honored Contributor
Bill Hassell
Posts: 14,225
Registered: ‎05-29-2000
Message 4 of 13 (7,815 Views)


Without error messages like "connection refused" or timeout, it is not easy to troubleshoot.  However, with the MP port working and you can login, HP-UX is just fine and your networking is down. Start with /var/adm/syslog/syslog.log. Do you see networking errors? What does lanscan report?

 

If you have just one LAN port defined such as lan0, what does lanadmin -g 0 show?

Valued Contributor
NavyYard
Posts: 46
Registered: ‎05-16-2013
Message 5 of 13 (7,798 Views)


When I try to login, I get the following error:

 

Aug 29 14:11:31 Server sshd[27796]: Failed password for begi from 192.168.50.15 port 40917 ssh2
Aug 29 14:11:36 Server sshd[27827]: SSH: Server;Ltype: Authname;Remote: 192.168.50.15-22887;Name: begi [preauth]
Aug 29 14:11:46 Server sshd[27827]: Failed password for begi from 192.168.50.15 port 22887 ssh2
Aug 29 14:11:50 Server sshd[27827]: Connection closed by 192.168.50.15 [preauth]

 

I changed my password a few times but it does not let me in. Any advice?

 

Thanks

Valued Contributor
NavyYard
Posts: 46
Registered: ‎05-16-2013
Message 6 of 13 (7,797 Views)


Hi!

 

I can login to other servers from this server but can not login into it from other servers.

 

Thanks

Valued Contributor
NavyYard
Posts: 46
Registered: ‎05-16-2013
Message 7 of 13 (7,793 Views)


syslog.log output:

 

Aug 29 14:53:39 srvr sshd[29917]: SSH: Server;Ltype: Version;Remote: 192.168.50.15-56478;Protocol: 2.0;Client: OpenSSH_6.2p1+sftpfilecontrol-v1.3-hpn13v12
Aug 29 14:53:39 srvr sshd[29917]: SSH: Server;Ltype: Kex;Remote: 192.168.50.15-56478;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Aug 29 14:53:40 srvr sshd[29917]: SSH: Server;Ltype: Authname;Remote: 192.168.50.15-56478;Name: begi [preauth]
Aug 29 14:53:51 srvr sshd[29917]: Failed password for begi from 192.168.50.15 port 56478 ssh2
Aug 29 14:54:02 srvvr sshd[29917]: Connection closed by 192.168.50.15 [preauth]

Valued Contributor
NavyYard
Posts: 46
Registered: ‎05-16-2013
Message 8 of 13 (7,792 Views)


Hi! Here it is:

# lanadmin -g 0

                      LAN INTERFACE STATUS DISPLAY
                       Thu, Aug 29,2013  12:57:03

PPA Number                      = 0
Description                     = lan0 HP 10GBase-KR Release CUP3_IOCXGBE_B.11.31.1109
Type (value)                    = ethernet-csmacd(6)
MTU Size                        = 1500
Speed                           = 1000000000
Station Address                 = 0xd4c9ef062798
Administration Status (value)   = up(1)
Operation Status (value)        = up(1)
Last Change                     = 288
Inbound Octets                  = 12201770
Inbound Unicast Packets         = 0
Inbound Non-Unicast Packets     = 71449
Inbound Discards                = 0
Inbound Errors                  = 0
Inbound Unknown Protocols       = 71449
Outbound Octets                 = 0
Outbound Unicast Packets        = 0
Outbound Non-Unicast Packets    = 0
Outbound Discards               = 0
Outbound Errors                 = 0
Outbound Queue Length           = 0
Specific                        = 655367

Ethernet-like Statistics Group

Index                           = 1
Alignment Errors                = 0
FCS Errors                      = 0
Single Collision Frames         = 0
Multiple Collision Frames       = 0
Deferred Transmissions          = 0
Late Collisions                 = 0
Excessive Collisions            = 0
Internal MAC Transmit Errors    = 0
Carrier Sense Errors            = 0
Frames Too Long                 = 0
Internal MAC Receive Errors     = 0

 

Thanks

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 9 of 13 (7,784 Views)


The error messages in the log seem to indicate a password authentication failure.

 

Did you use the console to change your password? Did your password include characters "@" or "#"?

 

If you used either of those characters on the console, your password may not be set to what you think it is: for historical reasons, HP-UX console can sometimes have very ancient default settings. In that situation, "#" acts as you would normally expect the backspace key to act. And the "@" character causes the system to ignore what you've entered on the command line or prompt so far, and start afresh.

 

Some old versions of the commercial SSH server also used to have this behavior on SSH sessions too.

 

Unless you've applied the necessary configuration change to avoid this problem system-wide, you might want to avoid these characters in your passwords. And as an HP-UX sysadmin, you should be aware of this behavior as you might still see it in some situations - like when booting a system to single user mode.

 

 

Also, if your system has only recently been converted to trusted mode, it may have been that only the first 8 characters of your (original) password had been stored. In the traditional (= non-trusted and non-shadow) mode, this can go unnoticed, since the password checking function will likewise truncate its input to 8 characters. But after switching to trusted mode, this truncation behaviour goes away - and if your password contains more than 8 characters, it will no longer match the stored password from the traditional mode, which only contains the first 8 characters.

 

Fortunately, the workaround for this problem is easy: try typing only the first 8 characters of your password to log in, then make sure the trusted mode is configured to accept longer passwords, and change your password once. After that, only the long form should be accepted.

MK
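
The two effects described in the post above, simulated as an added example (not part of the original post or of HP-UX itself). The function names and the sample passwords are constructed for illustration; `#` as erase and `@` as kill are the legacy console settings the post describes.

```shell
# What the system receives when the tty treats '#' as erase and '@' as kill
# (the legacy console defaults described in the post).
console_received() {
    typed=$1 out=
    while [ -n "$typed" ]; do
        rest=${typed#?}            # everything after the first character
        ch=${typed%"$rest"}        # the first character
        typed=$rest
        case $ch in
            '#') out=${out%?} ;;   # erase: drop the previous character
            '@') out= ;;           # kill: discard everything typed so far
            *)   out=$out$ch ;;
        esac
    done
    printf '%s\n' "$out"
}

# Traditional (non-trusted, non-shadow) mode: only 8 characters are significant.
traditional_significant() {
    printf '%.8s\n' "$1"
}

# Report how the intended password differs from what each path stores or checks.
explain_password() {
    intended=$1
    received=$(console_received "$intended")
    [ "$received" = "$intended" ] ||
        echo "console: password was set to '$received', not '$intended'"
    short=$(traditional_significant "$intended")
    [ "$short" = "$intended" ] ||
        echo "traditional mode: only '$short' was stored; try it after conversion"
}

# Constructed sample passwords, for illustration only.
explain_password 'Summer#2013'      # console stores Summe2013
explain_password 'ops@Harbor9'      # console stores Harbor9
explain_password 'LongPassphrase1'  # traditional mode keeps LongPass
```

On the real system, `stty -a` shows the erase and kill characters currently in effect for the terminal.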
Trusted Contributor
Emil Velez_2
Posts: 126
Registered: ‎01-15-2002
Message 10 of 13 (7,734 Views)


Try adding another user and logging in with that user.

Look for a file /etc/securetty. That could prevent root from logging in.

Also check /etc/opt/ssh/sshd_config. It could prevent root from logging in.

Emil Velez

Regular Advisor
Ajin_1
Posts: 204
Registered: ‎06-09-2009
Message 11 of 13 (7,725 Views)


Hi

 

Maybe your root profile is corrupted. Also check your firewall settings.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Advisor
Mike755
Posts: 17
Registered: ‎01-10-2013
Message 12 of 13 (7,705 Views)


Good ideas on here and I'd go with creating a new user and seeing if that user can log in.

 

You may find out that you need to re-enable the account you're having issues with.  If on 11.31 it's a lot different administrating user accounts.  Instead of using "modprpw" type commands that were simple for troubleshooting you need to use "userdbxxx" commands.

 

Try this for kicks to see if it helps:

 

From ILO logged into console as root user:

 

userdbset -d -u bergi auth_failures  (Assuming bergi is the username you're having issues with.)

 

If you find no users can get in then:

 

It’s been a while but here are a few things to check out off the top of my head.

 

If you don’t want to use DNS any longer then move out the /etc/nsswitch.conf file so it’s not read any longer.  The default at mention is only an example so won’t work without putting in correct DNS information.  This also goes in the /etc/resolv.conf file where you could run a “nslookup” on the IP you put in there if using DNS to see if it resolves correctly.  So if using DNS both these files should be populated, if not then neither should exist and /etc/hosts will be used.

 

SFTP my guess is  working but not all your pc’s have the client software installed to connect?

 

LDAP I would bet you are not using it.  I just worked on getting it configured here on our Itanium servers and told first Fiserv client to do this (Fiserv would not assist without an engagement and we felt didn’t have the knowledge for us to pay them…I worked directly with HP).  It’s slick and way cool but extremely complex in some areas but working great so far.

 

If you want to just test something check out your /etc/inetd.conf file.  If done correctly you should see either commented out lines and/or code showing FTP/Telnet listed in here.  This is where you disable various protocols and/or implement them to be available.  If you do make a change save original copy (use comments too so you have code needed to disable/enable say telnet as an example).  If you want “telnet” enabled be sure it’s uncommented or it defaults to only SSH.

 

You will have to bounce the listener in order for the change to take effect.  They say you can use the “inetd -c” command to have the kernel updated but this command had issues a while back might be better now.  Can test it but if doesn’t re-read in the changes then bounce as shown below.  This will cut off Internet Services during that short time if bounced rather than re-read using “inetd -c”.

 

# date
Thu Aug 29 10:17:00 EDT 2013
# ll -d /etc/inetd.conf
-rw-r--r--   1 root       sys           6737 Aug 23 13:04 /etc/inetd.conf
# ps -ef | grep -i inetd | grep -v grep
    root 24621     1  0 10:15:04 ?         0:00 /usr/sbin/inetd -l
# inetd -c
# ps -ef | grep -i inetd | grep -v grep
    root 24621     1  0 10:15:04 ?         0:00 /usr/sbin/inetd -l
# /sbin/init.d/inetd stop
Internet Services stopped
# ps -ef | grep -i inetd | grep -v grep
# /sbin/init.d/inetd start
Internet Services started
# ps -ef | grep -i inetd | grep -v grep
    root 24656     1  0 10:17:50 ?         0:00 /usr/sbin/inetd -l
#

 

Thanks, Mike

Legalize Freedom
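
The configuration checks suggested in the two posts above (sshd_config for root login restrictions, inetd.conf for commented-out telnet/ftp entries), as an added example that is not part of either post. The function names are hypothetical and the file contents are constructed samples; Match blocks are assumed to come after the global settings.

```shell
# inetd_service_state FILE SERVICE -> enabled | commented-out | absent
inetd_service_state() {
    awk -v svc="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); hash = (line ~ /^#/) }
        hash { sub(/^#+[ \t]*/, "", line) }
        { n = split(line, f, /[ \t]+/) }
        # require a socket type in field 2 so ordinary comments do not match
        n >= 2 && f[1] == svc && f[2] ~ /^(stream|dgram)$/ {
            if (hash) commented = 1; else enabled = 1
        }
        END { print (enabled ? "enabled" : (commented ? "commented-out" : "absent")) }
    ' "$1"
}

# sshd_global_setting FILE KEYWORD -> first uncommented value before any Match block, or "unset"
sshd_global_setting() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { found = 1; print $2; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

write_samples() {   # constructed inetd.conf and sshd_config fragments
    cat > "$1/inetd.conf" <<'EOF'
# telnet and ftp are commonly disabled on hardened hosts
#telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd
ftp     stream tcp6 nowait root /usr/lbin/ftpd    ftpd -l
EOF
    cat > "$1/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}
audit() {   # audit DIR: print the state of each remote-login path
    for svc in telnet ftp login; do
        echo "inetd $svc: $(inetd_service_state "$1/inetd.conf" "$svc")"
    done
    for key in PermitRootLogin PasswordAuthentication UsePAM; do
        echo "sshd $key: $(sshd_global_setting "$1/sshd_config" "$key")"
    done
}

tmp=$(mktemp -d) && write_samples "$tmp" && audit "$tmp"; rm -rf "$tmp"
```

To check a real host, call the two functions with /etc/inetd.conf and /etc/opt/ssh/sshd_config, the paths named in the posts.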
Valued Contributor
NavyYard
Posts: 46
Registered: ‎05-16-2013
Message 13 of 13 (7,683 Views)


Thank you for all the replies.

 

I had to boot the system in single user mode so I could log in, untrust the system, reset the passwords for all accounts and trust the system again to fix the problem.

 

Thanks for all the replies.

 

 
