[Solved] root or telnet limit?


Is there a limit on number of telnet or root logins?

And if so, where/how do you increase it?

 

I am able to open 8 telnet sessions logged in as root; the 9th opens to the login prompt, but I get "Login incorrect" after I put in the password.

If I end one of the other telnet sessions and re-enter the login info in the other session, it lets me in.

 

 

Link to comment

Additional info from syslog:

 

May 12 09:10:19 Tower login[3311]: ILLEGAL ROOT LOGIN on '/dev/pts/8' from '192.168.1.103'

To fix this, you need to add additional lines to the /etc/securetty file.

 

In your config/go script, add the following lines:

echo "pts/8" >>/etc/securetty

echo "pts/9" >>/etc/securetty

 

After you reboot you'll then gain the ability to log in as root via two more telnet sessions. (telnet sessions use the /dev/pts/X devices)

Right now, there are only 8 "pts" devices allowed to be used for root logins (and for 99.99% of us, that is more than enough).

 

Joe L.

Link to comment

Thanks Joe

 

Usually don't open that many sessions but was doing another verification (reiserfsck --check) on my drives before going from 2TB parity drive to 3TB parity drive. So I had done 5 drives yesterday, and doing the other 9 today.

 

Well 2 drives are finished so have started the --check on the last drive.

 

 

Link to comment
  • 1 year later...

Sorry to bump this old topic, but I found a similar problem this morning and would like to leave a note here for others who eventually get the same issue and find this topic, like I did... Replying to jonathanm's question above: yes, it seems screen uses sessions as well. In fact I had 0 telnet sessions running but some 10 screen sessions running, and was unable to log in with one single telnet session, also getting ILLEGAL ROOT LOGIN in the log; however (fortunately) ssh worked fine.

Link to comment

So, you are saying it's possible to get into a situation where you can't login via telnet to resume a screen session that was successfully started via a previous telnet session? If so, that's a little scary, as it's rather inconvenient to get a local console on my main server. I would have thought the telnet session you used to start the new screen instance would keep the extra screen from starting if there weren't enough devices to service it.

 

Another good reason to have SSH available.

Link to comment

I'm not fully sure about the details, but yes, in the morning I got into a situation where the only way to log into the server was ssh; telnet was just impossible to log in with until I closed some screen sessions. I can't find a limit on screen sessions, apparently... but it seems that after a few are used telnet doesn't work anymore, which is not a problem for screen or ssh though.

 

Edit: I did some quick testing with this again and found that indeed ssh and screen seem to have no problem getting sessions on something like pts/15, pts/16, etc. (and I didn't touch /etc/securetty), but telnet really seems to refuse the connection if there is not a free pts/0 to pts/7, so a way to get fully "locked" out of telnet (probably what happened to me in the morning, and now again in my testing) is:

- open a telnet/ssh session, it will get on pts/0

- open at least 7 screen sessions taking pts/1 to pts/7

- open a new telnet/ssh session, it will get on pts/8

- close the 1st telnet/ssh session, will free up pts/0

- using the other telnet/ssh session open one more screen session, it will get the pts/0 one

At this point you have pts/0 to pts/7 all taken by screen sessions; now it's just impossible to log in using telnet, and the only way is ssh...

 

Anyway, I think a user who only really uses telnet should not be able to get into such a lock situation, because he should always have at least one free pts, the one he used to log in initially; even if he disconnects/reconnects he should get that same pts (unless there is some script or something creating screen sessions while he is not logged in)... Another issue may be if one telnet connection gets "stuck" because of some network issue or something; I guess that may eventually get him into a similar lock situation, as that pts will be wrongly taken by the "ghost" connection...

Link to comment
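The lockout sequence from the last post can be replayed offline. The script below is an added example, not part of any post in this thread; the function names and the sample securetty file are constructed for illustration, and it assumes a new pseudo-terminal gets the lowest free /dev/pts index, which matches the allocation order reported above.

```shell
#!/bin/sh
# Added example. Assumption: a new pseudo-terminal gets the lowest free
# /dev/pts index, which matches the allocation order reported in the thread.

# Print the lowest pts index not present in the arguments (in-use indexes).
next_free_pts() {
    n=0
    while :; do
        busy=0
        for used in "$@"; do
            if [ "$used" -eq "$n" ]; then busy=1; fi
        done
        if [ "$busy" -eq 0 ]; then break; fi
        n=$((n + 1))
    done
    echo "$n"
}

# Succeed if tty name $2 (e.g. pts/8) is an exact line in securetty file $1.
root_tty_allowed() {
    grep -Fqx -- "$2" "$1"
}

# Succeed if the next root login through login(1) would land on an allowed tty.
# $1 = securetty file, remaining args = pts indexes already in use.
telnet_root_ok() {
    file=$1
    shift
    root_tty_allowed "$file" "pts/$(next_free_pts "$@")"
}

# Constructed sample: a securetty that stops at pts/7, as on the server above.
SAMPLE=$(mktemp)
{ echo console; echo tty1; for i in 0 1 2 3 4 5 6 7; do echo "pts/$i"; done; } >"$SAMPLE"

# State after the last step of the sequence: pts/0-7 held by screen, pts/8 by ssh.
if telnet_root_ok "$SAMPLE" 0 1 2 3 4 5 6 7 8; then
    echo "root telnet login allowed"
else
    echo "root telnet login refused: pts/$(next_free_pts 0 1 2 3 4 5 6 7 8) not in securetty"
fi
```

On a live system, pass /etc/securetty and the numeric entries of /dev/pts as the arguments to `telnet_root_ok`.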
