[HPADM] summary: telnetd stopped spawning

From: Henrikson, John L. (HenriksonJ@missouri.edu)
Date: Thu Feb 06 2003 - 11:48:14 EST


I got several helpful responses from Rita Workman, V.T. Mueller, Ryan
and Bill Hassell, thanks to all of you..

 

The most helpful was from Larry Scheetz, whose response I've included
below.. many thanks Larry..

 

John Henrikson

University of Missouri-Columbia

 

 

 

PROBLEM

Unable to telnet to HPUX server beyond a certain number of connections.
For example, "I have 60 users connected to this box via telnet; however,
when 60+ users try to login they receive a "connection refused" error
message". What is the problem?

RESOLUTION

The problem is the system is running out of "PTYs". PTYs are used to
open telnet sessions. On 10.x systems they use PTYs (pseudo-terminal) and
11.x systems use PTYs that are pseudo-terminal and Streams-Based. You
should use the following steps to correct this problem:

 

This could be an issue with shells, security, or not enough telnet
sessions.

 

1. First ensure that telnet is an available service. You should see the
   following lines:

 

vi /etc/services

telnet 23/tcp # Virtual Terminal Protocol

 

vi /etc/inetd.conf

telnet stream tcp nowait root /usr/lbin/telnetd telnetd

These lines should be uncommented.

 

2. Telnet must be listening in order for you to make a connection

 

netstat -a | grep *telnet. should return the line

 tcp 0 0 *telnet. *.* LISTEN

 

3. If it is not "listening" or you had to make a modification to your
   inetd.conf file do the following:

inetd -c

 

This rereads your inetd.conf file. Now repeat step 2 to see if telnet
is listening.

 

Shells:

Shells are a most common issue with telnet and ftp connection refused
messages. Create the following file on the system refusing the
connection:

vi /etc/shells    # create/edit this file to contain the following valid login shells

/sbin/sh

/usr/bin/sh

/usr/bin/rsh

/usr/bin/ksh

/usr/bin/rksh

/usr/bin/csh

/usr/bin/keysh

/sbin/rsh

/sbin/ksh

/sbin/rksh

/sbin/csh

/sbin/keysh

 

Test telnet after adding this file.

 

 

Security for telnet:

vi /var/adm/inetd.sec

 

Look for a line that references telnet and the word allow or deny. If
you see a line like that your system may be restricted from using this
service on this system. Example of an entry:

 

telnet deny 192.23.4.3 193.14

this entry denies a specific host 192.23.4.3, and an entire subnet
193.14.

 

telnet allow 192.23.4.3 193.14

this entry allows only the host 192.23.4.3, and any hosts on the subnet
193.14. Everyone else is denied.

 

Telnet sessions:

To check the number of telnet sessions you have available, on the box
refusing the connection do:

 

ls /dev/pty |wc -w

ls /dev/ptym | wc -w

60 is the default, if you see 60 as a response, yours has never been
increased and you may be running out of telnet sessions.

 

To increase your telnet sessions, we need to increase the npty
parameter. This is a kernel parameter so it will require a reboot.
Follow the 2 steps listed below:

 

1. Use SAM --> Kernel --> Configurable Parameters

               npty (10.20 and 11.0)

               nstrpty (11.x only)

               nstrtel (11.x only)

   set NPTY, NSTRPTY, and NSTRTEL to 512, save and reboot.

   NPTY, NSTRPTY, and NSTRTEL are the desired number of telnet sessions.

 

2. Rebuild the special device files at the command prompt as follows:

 

   insf -d ptys -n 512    (512 being the number you set NPTY in SAM; 10.20 and 11.0)

   insf -d ptym -n 512    (10.20 and 11.0)

 

   insf -d pts -s 512 -e -v (for 11.x only )

 

   insf -d pty -n 512 (for 11.x only )

 

 

 

That's it, your sessions have been increased to 512

 

NOTE: 512 is just an example value that was used. You should determine
the amount of PTYs needed by looking at the average amount of users that
login to your system.
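
Added example (not part of the original message or of HP's tooling): a small POSIX shell function that applies the allow/deny rules described under "Security for telnet" to a client address, so you can see which hosts a given inetd.sec entry would admit before blaming PTY exhaustion. It assumes only dotted numeric addresses, that a missing file or missing entry means no restriction, and that the last line for a service wins; the function names and the sample policy file are constructed for illustration.

```sh
#!/bin/sh
# Added example: evaluate an inetd.sec-style policy for one service and client.
# Assumptions (not from the original message): only dotted numeric addresses
# are handled, a missing file or missing entry means "allow", and when a
# service has several lines the last one wins.
inetd_sec_decision() (
    svc=$1 ip=$2 file=${3:-/var/adm/inetd.sec}
    set -f                                  # addresses must not be glob-expanded
    [ -r "$file" ] || { echo allow; return 0; }
    mode= addrs=
    while read -r name action rest; do
        case $name in ''|'#'*) continue ;; esac
        [ "$name" = "$svc" ] || continue
        case $action in allow|deny) mode=$action addrs=$rest ;; esac
    done < "$file"
    [ -n "$mode" ] || { echo allow; return 0; }

    matched=no
    for a in $addrs; do
        case $a in '#'*) break ;; esac      # trailing comment ends the list
        # "193.14" covers 193.14.x.y but not 193.140.x.y; a full address
        # such as "192.23.4.3" matches only itself.
        case $ip in "$a"|"$a".*) matched=yes; break ;; esac
    done
    if [ "$mode" = allow ]; then
        [ "$matched" = yes ] && echo allow || echo deny
    else
        [ "$matched" = yes ] && echo deny || echo allow
    fi
)

# Constructed sample policy using the "allow" entry from the message.
demo_inetd_sec() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'telnet allow 192.23.4.3 193.14' > "$f"
    for ip in 192.23.4.3 193.14.7.9 193.140.1.1 10.0.0.5; do
        printf '%s %s\n' "$ip" "$(inetd_sec_decision telnet "$ip" "$f")"
    done
    rm -f "$f"
}
demo_inetd_sec
```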

 

