SUMMARY: Trouble with telnetd???

From: John M. Vogtle (jmvogtle@gamera.cns.syr.edu)
Date: Mon Apr 08 1991 - 15:12:41 CDT


Thanks for your prompt response. Once again this list has proven to be a God
send. A number of people have requested summaries so here goes...

First my original question:

>> The past couple of days I've had users complaining about trouble telneting
>> to our campus 4/490. What happens is that they telnet to the host, are
>> prompted for username and password, see the message of the day and then the
>> connection is closed.
>>
>> System specs: Sun 4/490 running 4.1_PRS.A
>>
>> I DO know it's not something where someone has modified a .login file to
>> automatically log out. I suspect it has something to do with not enough
>> ptys but that's just a guess.

Replies:

Most people said that the problem was caused by a process not releasing a
pseudo tty for some reason. When this occurs, the symptoms I described
crop up. The best way to fix the problem is to us "ps -t<device>" to track
down the offending process and then kill the process. One handy suggestion was
to use "last" to help track down the tty or pty where the process is running -
something like:

        UserX calls up complaining about "THE PROBLEM"

        # last UserX
           (the terminal the user last logged in on will be listed, for example
           ttyr1)
        # ps -tr1
           (You should see a job running on ttyr1 - kill it)

IMPORTANT: A couple of people pointed out to me that this type of problem is
           what allows an intruder to gain access to your system via the recent
           CERT reported in.telnetd bug. The patch is available from both
           uunet and from the Sun Answer Center. (I've applied the patch.)

Other possible problems:

        - lack of ptys
        - corrupted csh

Although there doesn't seem to be a true "fix" for this one, I now know how to
correct the problem. Thanks once again.

        -John



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:12 CDT