Can not login as any user in TTY console
we have a Redhat Linux 9 box in our office. Somebody have played with that box and as a result no user is able to login to the box on any TTY console. When we put a user name to log in (root and non-root also), it doesnot ask for password, and simply login prompt appears again. Whereas I can log in as root user through ssh (pseudo terminal). I tail to /var/log/message and /var/log/secure to see what is prohibiting users from logging in to TTY console, but no log appears.
I have checked basic things like....
1) all terminals are allowed in /etc/securetty
2) permission of the /etc/securetty is 600 which should be
3) /etc/nologin file does not exist
4) root and other user account can login through ssh session
5) there is no setting in /etc/security/access.conf
What else I missed to check........ can anybody help me.......
when you ssh to the box, check if syslog is running:
start the service if it isn't:
check /var/log/secure too
check your pam configuration
btw, when u say somebody has played did u mean someone hacked the box?
check the command history of the user/s in the box, you might find something that would help u.
If you mean hacked, I'm not surprised if you've got the orig RH9 (Shrike?). Support for that was discontinued yrs ago, so its wide open to exploits.
Try RH Fedora 8 (9 just came out) which is free, or Centos, which is a free version of RH Enterprise Linux.
If you want to stick with what you've got & if you've got the time & expertise, you can try to fix it/make notes, but frankly a clean re-install is the only safe way (after backing up any key data).
Thanks for your suggestions, The syslog service is running on the box and it is loggin all the login event from remote host through ssh in /var/log/secure but it is not loggin a single login attempt from TTY terminal.
And I dont mean to say that somebody has hacked the machine, but somebody working in my organization previously has done something nasty for some reason that has caused this thing.
I think I should work out on logs first which will give me direction to troubleshot the problem.
Just try single use mode and go through the /etc/passwd file.
It may have been changed. Or find out if there a file /etc/nologin.
If that file exists, delete it.
Have you had a look through /etc/login.defs?
Is the machine using pam for authentication?
If yes, look at pam.conf and/or pam.d/login ...
Thanks for your response, the /etc/nologin file does not exist, and I see no problem in /etc/passwd as I am able to login through ssh from remote machine.
Following are the some file's output, I think they are ok.
# cat /etc/log.d/conf/services/pam.conf | grep -v ^#
Title = "pam"
LogFile = messages
*OnlyService = pam
# cat /etc/pam.d/login
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
What else it could be........ :(
Is this line creating problems "auth required pam_nologin.so" ?
Try commenting this out.
auth required /lib/security/pam_nologin.so
only checks for the existence of /etc/nologin and denies login if the user isn't root.
i'm still looking for workaround on this. since u said that local logins aren't being logged, u might wanna take a look at ur syslog config or paste it here.
another thing u can do is run sysreport and upload the report here, that would provide more info so we can further troubleshoot this.
ppl should know to never piss off those who administer your server :tisk:
And what about /etc/login.defs ...
Kindly paste the exact output of /etc/securetty
Sometimes the additional space put in there can cause such problems.
Heres the output of both file.
#cat /etc/login.defs | grep -v ^#
# cat /etc/securetty
Try validating the package that supplies /etc/initab. Or just post yours so we can compare.
|All times are GMT -5. The time now is 12:26 AM.|