[SOLVED] Login incorrect via getty

AchimRS · 10-14-2010, 07:43 PM

Hi all,
I try to setup a small Debian system running on command line.
Remote access shall be possible via ssh (for now also telnet) and a serial connected minicom via getty.
I need the serial access as fallback in case the network is down.

As long as the package adduser is not installed, I can login as root via telnet and getty without problem. But from the moment "adduser" is installed with apt-get, the serial root login always fails after entering the right password with the message "Login incorrect". Even de-installing "adduser", or using a brand new "adduser test" user, don't help anymore...
When installing and using SSH it allows to login successfully, like telnet.

BTW: A dangerous behavior I observed with telnet:
When I opening the connection via telnet, I'm immediately logged in as root - without asking for a password! I set a password with passwd which also is requested by SSH and getty (before the adduser installation) but not by telnet?!?!?

The /var/log/messages adds a line if login with su, but nothing when fails with getty

Here is my inittab:

Code:

# /etc/inittab: init(8) configuration.       
# inittab,v 1.1 2006-07-27 08:58:03 lothar Exp

# The default runlevel.
id:2:initdefault:      

# Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS                                    

# What to do in single-user mode.
~~:S:wait:/bin/sh                

# /etc/init.d executes the S and K scripts upon change of runlevel.                                        

l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/bin/sh                                         

# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 now

# Example how to put a getty on a serial line (for a terminal)
s0:23:respawn:/sbin/getty -L ttymxc0 115200 linux
s1:23:respawn:/sbin/getty -L ttymxc1 38400 linux
s2:23:respawn:/sbin/getty -L ttymxc2 38400 linux

# Run getty on framebuffer device
F0:23:respawn:/sbin/getty -L tty0 38400 linux

and here my /etc/pam.d/common-password (because I have the gut feeling it have something to do with PAM)

Code:

password        [success=1 default=ignore]      pam_unix.so obscure sha512
password        requisite                       pam_deny.so
password        required                        pam_permit.so

The /etc/securetty also consist the used /dev/ttymxc0 :

Code:

console
ttyS0
ttyS1
ttyS2
ttymxc0
ttymxc1
ttymxc2

Here a part of the /etc/login.defs hoping this is enough:

Code:

                                                         
TTYGROUP        tty                                                     
TTYPERM         0600

It is an Emdebian Grip Squeeze running on an armel ARM9 embedded controller.

any hints where I could search for this problem???

mikesd · 10-15-2010, 06:57 AM

well ssh usually defaults to not allowing root login. Check out /etc/ssh/sshd_config to change that setting under

Code:

PermitRootLogin

and then restart the sshd service

Code:

# service sshd restart

telnet is inherently unsecured, so you should stick with ssh as much as you can.

AchimRS · 10-15-2010, 07:59 AM

SSH is not the problem, I have problems with the terminal connected via RS232, tty and getty.
It rejects all login tries with root and other user-ids...

How do getty authenticate the entered password, which files are used?

Thanks
Achim

AchimRS · 10-15-2010, 03:23 PM

A small hint from Geert that getty uses "login" to authenticate, solved my problem:
I don't know exactly why, but something with the installation of "login" was wrong. I reinstalled it with apt-get and accepted all updates of the config files /etc/login.defs - now it works.

Thanks a lot to Geert