Remote Serial Console HOWTO

Glen Turner

Australian Academic and Research Network

Mark F. Komarinski

v2.6 2003-03-31

Revision History
Revision 2.62003-03-31Revised by: gdt
Correct opposing CTS/RTS explanations. Use <quote> in markup. TLDP PDF is now good, so remove instructions for rendering PostScript to PDF. Typo in GRUB configuration.
Revision 2.52003-01-20Revised by: gdt
Only one console per technology type. Setting timezone. Use off parameter rather than comments in inittab. Cable lengths.
Revision 2.42002-10-03Revised by: gdt
Kernel flow control bug, more cabling, Debian, Livingston Portmaster, typos (especially those found during translation to Japanese).
Revision 2.32002-07-11Revised by: gdt
Updates for Red Hat Linux 7.3, corrections to serial port speeds and UARTs, ioctlsave.
Revision 2.22002-05-22Revised by: gdt
Minor changes
Revision 2.12002-05-16Revised by: gdt
Corrections to kernel console syntax. Addition of USB and devfs.
Revision 2.02002-02-02Revised by: gdt
Second edition.
Revision ≤1.02001-03-20Revised by: mfk
First edition.

An RS-232 serial console allows Linux to be controlled from a terminal or modem attached to an asynchronous serial port. The monitor, mouse and keyboard are no longer required for system administration. Serial consoles are useful where Linux systems are deployed at remote sites or are deployed in high-density racks.

This HOWTO describes how to configure Linux to attach a serial console.


Dedication

Glen Turner would like to thank his family for allowing him to work on this project for the surprisingly large number of evenings which it took to write this HOWTO. Thank you Karen, Kayla and Ella.

Table of Contents
1. Introduction
1.1. What is a console?
1.2. Why use a serial console?
1.3. Alternative meanings of "console"
1.4. Configuration overview
2. Preparation
2.1. Create fallback position
2.2. Select a serial port
2.3. Select a serial speed and parameters
2.4. Configure the modem or the null-modem cable
2.5. Configure the terminal or the terminal emulator
3. Optionally configure the BIOS
4. Configure the boot loader
4.1. Configure the LILO boot loader
4.2. Configure the GRUB boot loader
4.3. Configure the SYSLINUX boot loader
5. Configure Linux kernel
5.1. Configure Linux kernel using LILO
5.2. Configure Linux kernel using GRUB
5.3. Configure Linux kernel using SYSLINUX
6. Configure getty
6.1. init system
6.2. Traditional getty
6.3. agetty
6.4. mgetty
6.5. mingetty
6.6. No getty
7. Configure incidentals
7.1. Allow root to login from serial console
7.2. Change init level to textual
7.3. Remove saved console settings
7.4. Serial console is not /dev/modem
7.5. Alter target of /dev/systty
7.6. Configure Pluggable Authentication Modules
7.7. Configure Red Hat Linux
8. Reboot and test
8.1. Verify console operation
8.2. Re-create saved console settings
8.3. Test the console
8.4. Where to next from here?
9. Security
9.1. Use good passwords
9.2. Obey Data Terminal Ready and Data Carrier Detect
9.3. Use or configure a dumb modem
9.4. Restrict console messages
9.5. Modem features to restrict usage
9.6. BIOS features
9.7. Use a boot loader password
9.8. Non-interactive boot sequence
9.9. Magic SysRq key
9.10. Adjust behaviour of Ctrl-Alt-Delete
9.11. Log attempted access
9.12. Countering interception of telephony links
10. Configuring a kernel to support serial console
10.1. Linux kernel version 2.5
10.2. Linux kernel version 2.4
10.3. Linux kernel version 2.2
11. Serial cabling
11.1. Jargon
11.2. Cable from console port to modem
11.3. Cable from console port to terminal (or another PC)
11.4. Lengths of serial cables
11.5. Making serial cables
12. Modem configuration
12.1. Using Minicom to give commands to a modem
12.2. Configure dumb modem
12.3. Configure modem with AT commands
12.4. Internal modems
12.5. WinModems
A. Bugs and annoyances
A.1. Flow control in Linux kernel
A.2. Red Hat Linux 7.1 and SysVinit
A.3. BIOSs, keyboards and video cards
A.4. Modem hangs up upon reboot
A.5. init and syslog output does not display on secondary consoles
A.6. The console is unresponsive after connecting
A.7. Modem hangs up during initialization
A.8. Boot loader has no flow control
A.9. Boot loaders are vulnerable to line noise
A.10. Advanced Power Management
A.11. Modems and overseas telecommunications requirements
B. Uploading files from a serial console
B.1. Disable logging to console
B.2. ASCII upload and cat
B.3. Xmodem, Ymodem and Zmodem
B.4. Kermit
C. Upgrading Red Hat Linux from a serial console
C.1. Select boot disk
C.2. Configure the BIOS to use the serial port
C.3. Configure modem to ignore DTR and assert DCD
C.4. Prepare a network install floppy diskette
C.5. Prepare HTTP server
C.6. Record network configuration
C.7. Record LILO configuration
C.8. Upgrade Red Hat distribution
C.9. Create boot disk for serial console
C.10. Further references
D. Upgrading Debian GNU/Linux from a serial console
E. Terminal server configuration
E.1. Considerations when buying second-hand terminal servers
E.2. Cisco 2511
E.3. Xyplex/iTouch MAXserver 1600
E.4. Xylogics/Bay/Nortel Annex
E.5. Livingston/Lucent Portmaster
F. Gratuitous advice for developers
F.1. Advice for boot loader authors
F.2. Advice for BIOS authors
G. About this HOWTO
G.1. Copyright
G.2. Disclaimer
G.3. Acknowledgments
G.4. Comments and corrections
Colophon
List of Tables
1-1. Different ways of referring to the "console"
2-1. Many names for the same serial port
2-2. Interrupts used for IBM PC/AT RS-232 ports
4-1. SYSLINUX flow control bitmap
10-1. IBM-PC/AT serial port bit rates and their bit-clock divisors
11-1. Data rates and the maximum distances recommended in RS-232
List of Figures
2-1. Using the setserial command in /etc/rc.serialto disable the serial port /dev/ttyS2
2-2. Syntax for serial bits per second rate, in extended Backus-Naur form
2-3. Syntax for serial parity, in extended Backus-Naur form
2-4. Syntax for serial data bits, in extended Backus-Naur form
2-5. Syntax for serial stop bits, in extended Backus-Naur form
2-6. Syntax for serial flow control, in extended Backus-Naur form
2-7. Syntax for kernel serial parameters, in extended Backus-Naur form
4-1. Syntax of LILO serial command, in EBNF
4-2. LILO serial EBNF variables
4-3. LILO boot loader sample configuration
4-4. Using md5crypt to create a hashed password for GRUB
4-5. GRUB configuration to require a password
4-6. GRUB configuration for serial console
4-7. GRUB configuration for serial console and attached monitor and keybaord console
4-8. GRUB output to default device when configured for serial and attached monior output
4-9. GRUB configuration for command line interface for terminals other than VT100
4-10. Adding a single user mode option to the GRUB menu
4-11. Syntax of SYSLINUX serial command, in EBNF
4-12. SYSLINUX serial EBNF variables
5-1. Kernel console syntax, in EBNF
5-2. Recommended kernel parameters, PCs with video card
5-3. Recommended kernel parameters, PCs without video card
5-4. Recommended kernel parameters, LILO configuration
5-5. Recommened kernel parameters, GRUB configuration
5-6. Recommended kernel parameters, SYSLINUX configuration
6-1. Interactively altering the connecting terminal's make and model
6-2. Interactively altering the connecting terminal's time zone
6-3. getty is started by init, based upon an entry in /etc/inittab
6-4. Define CON9600 in gettydefs
6-5. Syntax of entries in /etc/gettydefs, in EBNF
6-6. /etc/inittab entry for agetty
6-7. /etc/inittab entry for mgetty
6-8. mgetty configuration file mgetty.config
6-9. Fewer virtual terminals. Removing mingetty entries from /etc/inittab
6-10. Fewer virtual terminals. Deallocating unused virtual terminals and removing their device files.
6-11. Contents of /etc/rc.serial to lock console serial port when no getty used
7-1. Alter securetty to allow root to log in from the serial console
7-2. Xservers from Red Hat Linux 7.2
7-3. [servers] section of gdm.conf from Red Hat Linux 7.2
7-4. Removal of ioctl.save containing the saved console parameters
7-5. Remove /dev/modem if it points to the serial console's port
7-6. Default value of /dev/systty in /etc/makedev.d/linux-2.4.x
7-7. Alter value of /dev/systty in MAKEDEV configuration file
7-8. Installing new value of /dev/systty
7-9. Default <console> in console.perms refers to attached keyboard and screen
7-10. Default device listing in console.perms
7-11. Devices in console.perms required for attached keyboard and screen
7-12. Add <sconsole> in console.perms to refer to serial console
7-13. Remaining devices in console.perms altered to refer to serial console
7-14. Alterations to /etc/sysconfig/init for Red Hat Linux
7-15. Alterations to /etc/sysconfig/kudzu for Red Hat Linux
8-1. Using ioctlsave to create /etc/ioctl.save without entering single user mode
9-1. Extract from Crackers favour war dialling and weak passwords
9-2. /etc/syslog.conf modified to copy log messages to a log server
9-3. Allowing remote log messages by setting options in /etc/sysconfig/syslog
9-4. Restrict syslog messages to remote.example.edu.au
9-5. Using nscd to cache reverse DNS lookups
9-6. Restrict sending of messages to console user
9-7. Restrict sending of messages to console user, /etc/profile.d/mesg.sh
9-8. Restrict sending of messages to console user, /etc/profile.d/mesg.csh
9-9. Install files into /etc/profile.d
9-10. Using sysctl to defeat the magic SysRq key
9-11. Configuring /etc/sysctl.conf to defeat the magic SysRq key
9-12. Kernel make menuconfig showing disabled SysRq key
9-13. Kernel .config showing disabled SysRq key
9-14. Default handling of Ctrl-Alt-Delete in /etc/inittab
9-15. Ignoring Ctrl-Alt-Delete in /etc/inittab
9-16. Shut down cleanly upon Ctrl-Alt-Delete in /etc/inittab
10-1. Kernel configuration for serial console using make menuconfig
10-2. Kernel configuration for serial console using .config
10-3. Kernel configuration for USB dongle serial console using make menuconfig
10-4. Kernel configuration for USB dongle serial console using .config
10-5. Kernel configuration for serial console using make menuconfig
10-6. Kernel configuration for serial console using .config
11-1. Null modem cable with full status and handshaking
11-2. Variation on null modem cable with full status and handshaking
11-3. Null modem cable with falsified status and handshaking
11-4. Null modem cable with no status or handshaking
11-5. One-way null modem cable with no status or handshaking
12-1. Front panel of a dumb modem
12-2. Testing the modem's port speed
12-3. Configure modem using AT commands
12-4. Resetting a Hayes AT-style modem
A-1. A kernel console parameter with CTS/RTS flow control
A-2. Kernel source code for console CTS/RTS flow control
A-3. setserial causes a modem to hang up as the machine initializes
B-1. Supressing kernel messages to the console in Red Hat Linux
C-1. Configuring BIOS to use serial link
C-2. Configuring BIOS to boot from hard disk
C-3. Extract from Red Hat Linux 7.2 mkbootdisk which creates SYSLINUX.CFG
C-4. Altered extract from mkbootdisk, which creates a SYSLINUX.CFG that uses a serial console
E-1. Basic configuration for Cisco 2511 terminal server to Linux PC
E-2. Portmaster unit configuration
E-3. Portmaster port configuration
F-1. Configuring /dev/nvram to access the CMOS configuration
F-2. Getting the CMOS configuration
F-3. Setting the CMOS configuration
List of Examples
4-1. Using kernel parameters to avoid access permissions
5-1. Complete LILO configuration, as installed by vendor
5-2. Complete LILO configuration, modified for serial console
5-3. Complete GRUB configuration, as installed by vendor
5-4. Complete GRUB configuration, modified for serial console
8-1. Dialing into a serial console
C-1. Displaying the Internet Protocol configuration
C-2. Displaying the LILO configuration

mirror server hosted at Truenetwork, Russian Federation.