The Serial Console: A Front Door Worth Leaving Open

By Carla Schroder | Aug 18, 2004
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3396731/The-Serial-Console-A-Front-Door-Worth-Leaving-Open.htm

In these modern times, a hardworking admin might be tempted to turn her back on the Old Ways, and indulge in increasingly exotic methods of interfacing with servers: SSH over ethernet, USB, Firewire, wireless, infrared, KVM switches, VNC, VPN ... next stop: direct neural implants.

There's one old timer that still has a useful place in the admin's tool kit: the serial console. Sure, it's slow and funky. But there are times it can be a real lifesaver. When nothing else works, it's a direct pipeline into your system. It's simple and cheap. You don't need to install drivers or expansion cards, it's just there.

Administration via serial console is common in data centers. Just imagine the nightmare of trying to connect all those rack units to keyboards and displays. The cabling can be extended to a nice comfortable ops center (well, an ops center, anyway). (This Lantronix Console Manager is an example of the type of device used to administer these.)

There are a number of ways to make the physical connection. You can connect an external modem -- the kind us old timers fondly refer to as "real" modems -- and do remote administration via dialup. It couldn't be any simpler, just dial direct. Or grab a null modem cable, connect to a laptop or a nearby workstation, and you have an instant terminal.

Serial Consoling A Local Machine

Pretend you have a laptop that you are going to use as your remote terminal, connected to a headless server. The server needs a few configuration tweaks first, so don't chuck the monitor and keyboard just yet. Make sure you have a bootable rescue disk handy. You'll also need a null modem cable, and a serial communication program like Minicom on the terminal.

On most modern PCs, when we say "serial port" we mean a DB9 connector. A serial port is also a logical connection, like this:

# setserial -g /dev/ttyS[0123]
/dev/ttyS0, UART: 16550A, Port: 0x03f8, IRQ: 4
/dev/ttyS1, UART: 16550A, Port: 0x02f8, IRQ: 3
/dev/ttyS2, UART: unknown, Port: 0x0000, IRQ: 0
/dev/ttyS3, UART: unknown, Port: 0x02e8, IRQ: 3

This shows two active serial ports on our soon-to-be-headless server. Not earth-shaking, just nice to know. Next, reboot the soon-to-be headless server and go into the BIOS settings. Make sure it is not configured to halt when there is no keyboard. This is also a good place to poke around if by some odd chance your serial ports are not enabled, or there is only one, and you think there should be more.

Then boot up and open /etc/inittab. First job is to make booting to a text console the default. X shouldn't be on a server anyway, and you sure as heck don't want to bump into an X session over serial lines:

# The default runlevel.
id:3:initdefault:

This is the default text mode for most Linuxes. On Debian, the default runlevels 2-5 are all the same, so Debian users must configure a text-only runlevel. Then open up a serial port to accept logins:

# Example how to put a getty on a serial line (for a terminal)
#
#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100

Uncomment the one for the serial port you are going to use; in this article, ttyS0. Save the change, then restart init:

# init q

Now edit the server bootloader to tell the kernel to make ttyS0 (or whichever one you use) the default system console. In LILO, make a copy of your existing default stanza, and add these lines:

serial=0,9600n8
timeout=100

Call it "Serial Kernel", or some such. For GRUB users, do the same -- make a copy of your default boot stanza, then append the console values to the kernel line:

kernel /vmlinuz-2.4.24 ro root=/dev/hda2 console=tty0 console=ttyS0,9600n8

Then boot the machine a few times to make sure it works. When you're satisfied with your bootloader configuration, make the new boot stanza the default.

In both LILO and GRUB, disable any splash images. The whole point of editing the bootloader is to redirect the boot messages that ordinarily go to the screen to the console. A splash image will gum it up.

Now go to the "terminal" machine, your trusty laptop or whatever, and set up Minicom. You'll see this beautiful ASCII menu:

# minicom -s

------[configuration]-------
| Filenames and paths      
| File transfer protocols 
| Serial port setup        
| Modem and dialing       
| Screen and keyboard   
| Save setup as dfl 
| Save setup as..         
| Exit          
| Exit from Minicom 
----------------------------

Select "serial port setup". Modern modems are pretty good at auto-negotiating connection speeds. Start out conservatively, then you can bump it up if you like and see what happens. Select the letter of the option you want to change, then hit return to get back to "Change which setting?":

-------------------------------------------
| A -    Serial Device      : /dev/ttyS0 
| B - Lockfile Location     : /var/lock 
| C -   Callin Program      :      
| D -  Callout Program      : 
| E -    Bps/Par/Bits       : 9600 8N1
| F - Hardware Flow Control : No
| G - Software Flow Control : No 
|                                    
|    Change which setting? 
-------------------------------------------

Next, select the "Modem and dialing" option, and make sure the "Init string" and "Reset string" settings are blank. Finally, select "Save setup as dfl" to make this the default, and then "Exit" from Minicom.

Making the Connection with Minicom

Now take your nice new null-modem cable and connect the two machines. Then fire up Minicom on the "terminal":

# minicom

Welcome to minicom 2.1

OPTIONS: History Buffer, F-key Macros, Search History Buffer, I18n
Compiled on Nov 12 2003, 19:21:57

Press CTRL-A Z for help on special keys

headless login:

Login, and there you are. What can you do? Anything that you can do from any Linux command shell.

To exit, hit Ctrl+A, Z, X.

Serial Annoyances

Permissions inconsistencies are going to bite you a lot. By default on most Linuxes, root cannot log in over a tty. So you'll have to edit or create /etc/securetty on your server, and add this line:

ttyS0

Non-root users can't use tty ports. The quick n dirty fix is this, which gives every local account read and write access to the port:

# chmod o+rw /dev/ttyS0

The long-term fix is to set up sudo users for /dev/ttyS0.

A third show-stopper nuisance is having mingetty. mingetty is strictly for logging in to local virtual terminals. It does not support serial lines. You want agetty, getty, or mgetty, which can be obtained from the usual Linux sources. If your system is using mingetty, don't remove it. Just be sure to edit /etc/inittab to point to agetty, getty, or mgetty.
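
Added example (not part of the original article): a small shell audit that cross-checks the settings covered above, namely the inittab getty entry, the kernel console= speed, /etc/securetty and the mode of the serial device. The function names are hypothetical, and the sample files are constructed stand-ins, so it runs without touching a real /etc or /dev.

```shell
#!/bin/sh
# Added example: audit of the serial-console settings covered in this article.
# Function names are hypothetical; every input is a path or string, so it runs on copies.

getty_line() {   # getty_line INITTAB TTY -> first uncommented getty entry for TTY
    grep -v '^[[:space:]]*#' "$1" | grep -E "getty.*[[:space:]]$2([[:space:]]|\$)" | head -n 1
}
getty_baud() {   # getty_baud INITTAB TTY -> first all-digit argument of that entry
    getty_line "$1" "$2" | tr ' \t' '\n\n' | grep -E '^[0-9]+$' | head -n 1
}
kernel_baud() {  # kernel_baud "CMDLINE" TTY -> speed from console=TTY,<speed>...
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^console=$2,\([0-9]*\).*/\1/p" | tail -n 1
}
audit_serial() { # audit_serial INITTAB SECURETTY "CMDLINE" TTY DEVICE; returns problem count
    problems=0
    line=$(getty_line "$1" "$4")
    if [ -z "$line" ]; then
        echo "FAIL: no active getty for $4 in inittab"; problems=$((problems + 1))
    elif printf '%s\n' "$line" | grep -q mingetty; then
        echo "FAIL: mingetty on $4 (it does not support serial lines)"; problems=$((problems + 1))
    fi
    gb=$(getty_baud "$1" "$4"); kb=$(kernel_baud "$3" "$4")
    if [ -z "$kb" ]; then
        echo "FAIL: kernel command line has no console=$4"; problems=$((problems + 1))
    elif [ -n "$gb" ] && [ "$gb" != "$kb" ]; then
        echo "FAIL: getty runs at $gb bps, kernel console at $kb bps"; problems=$((problems + 1))
    fi
    if grep -qx "$4" "$2" 2>/dev/null; then
        echo "NOTE: $4 is in securetty: root can log in directly on this port"
    fi
    if [ -n "$(find "$5" -prune -perm -0002 2>/dev/null)" ]; then
        echo "FAIL: $5 is world-writable (chmod o+rw still in place)"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files (not from a real host): mismatched speeds, loose device mode.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'id:3:initdefault:' '#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100' \
    'T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100' > "$demo/inittab"
printf '%s\n' tty1 ttyS0 > "$demo/securetty"
: > "$demo/ttyS0"; chmod 666 "$demo/ttyS0"   # stand-in for the /dev/ttyS0 node
audit_serial "$demo/inittab" "$demo/securetty" \
    'ro root=/dev/hda2 console=tty0 console=ttyS0,115200n8' ttyS0 "$demo/ttyS0" \
    || echo "$? problem(s) found"
```

To check a real machine, pass /etc/inittab, /etc/securetty, the contents of /proc/cmdline, the tty name and the device node instead of the sample paths.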
