Yeah. This is somewhere in the Twisted code where you can't see the exception.

Try logging in with SSH to get more meaningful errors. Probably a missing dependency.

We recently added tftp support. I have a patch already that stops Cowrie sessions from crashing when one of the commands doesn't work. Will share later.

ssh has been working just fine. All I did was turn on telnet and authbind port 23

Hi! Could you confirm your are running the latest version? Try git pull to update your software.

Also, by default the password '123456' is not allowed for user root. What is the contents of your userdb.txt?

$ git pull
remote: Counting objects: 99, done.
remote: Compressing objects: 100% (92/92), done.
remote: Total 99 (delta 42), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (99/99), done.
From http://github.com/micheloosterhof/cowrie
 + 415e7da...e2964f3 develop    -> origin/develop  (forced update)
Already up-to-date.

$ cat userdb.txt 
root:x:123456
root:x:35592

I'm guessing the second user is one that an attacker created because that wasn't there before.

I deleted the second root and tried again with same results / error.

Escape character is '^]'.
login: root
Password: 
          Login incorrect
                         login: 

Now there are twisted errors in the logs, but this is also in every connection via telnet now since it's getting hit a lot harder from the outside.

2016-11-15 23:15:44+0000 [CowrieTelnetTransport,1,my_ip] login attempt [root/123456] succeeded
2016-11-15 23:15:44+0000 [CowrieTelnetTransport,1,my_ip] Opening TTY Log: log/tty/20161115-231544-None-1i.log
2016-11-15 23:15:46+0000 [-] Unhandled error in Deferred:
2016-11-15 23:15:46+0000 [-] Unhandled Error
    Traceback (most recent call last):
    Failure: twisted.conch.telnet.AlreadyNegotiating: twisted.conch.telnet.AlreadyNegotiating:'\x01'

2016-11-15 23:19:26+0000 [CowrieTelnetTransport,1,my_ip] Closing TTY Log: log/tty/20161115-231544-None-1i.log after 221 seconds
2016-11-15 23:19:26+0000 [CowrieTelnetTransport,1,my_ip] avatar root logging out
2016-11-15 23:19:26+0000 [CowrieTelnetTransport,1,my_ip] Connection lost after 227 seconds

Hi. The negotation error, is that from your Telnet client or someone on the internet?
What telnet client are you using? Do you see this blocking command entering?

I get the first error posted by @mb-rack (where it shows the login prompt again but log says login was successful) when using the default OS X telnet client (using iTerm and Terminal) and the Ubuntu telnet client.

I get the second one ('\x01' errors) from random clients on the Internet.

Interestingly it seems that some telnet clients are able to login and access it just fine.

I think I've got it. They are not disconnects. Try connecting with "nc" (netcat) to your telnet server.
You'll get the errors (because "nc" doesn't understand telnet negotiation), but you can still login.

I think the negotiation errors are not causing any disconnects, you simply see port scanning activity from a client that doesn't understand telnet. Then the client disconnects. It's not an error.