Learn to use a serial console on Linux
Monday, January 28, 2008 12:39 PM
Using a serial console can be useful for debugging, or to bypass security rules and bridge one network to another.
Using a serial console on Linux is much like using a modem; the technology is virtually identical, but instead of using a modem to dial into a remote system, a special serial cable, called a null-modem cable, is strung between two computers via their serial ports. Most modern desktops and laptops no longer come with serial ports; however, virtually all server-class systems do.
The one system is set up to listen on one end of the cable, and the other system is used to log in, as the client, on the other end. This can be reverted very easily; a null-modem cable works both ways.
Why use a serial console? For one, it can be very useful for debugging, particularly if the network is down and the system is headless. For another, you can use it to bypass security rules and bridge one network to another--not for things like copying files, but purely for login purposes to obtain shell access to the other system. For instance, if you had a server in a DMZ, you could bypass potentially complex networking needs to obtain shell access to the server from a system on the LAN. This also could mean that running a remotely-accessible sshd service is no longer required on the DMZ server.
To begin, all you really need is the null-modem cable and two systems with serial ports, making sure the serial ports are enabled in the BIOS. On the server, edit /etc/inittab and add:
S0:12345:respawn:/sbin/agetty -L 115200 ttyS0 vt102
This tells init to launch agetty, listening on /dev/ttyS0 (the first serial port) at a baud-rate of 115200bps, and to use vt102 terminal emulation. On the client, once the null-modem cable is in place and agetty is running, use screen to connect:
$ screen /dev/ttyS0 115200
Hit enter once screen starts and you will be sitting at a familiar login prompt on the remote system. To disconnect, simply type [CTRL-A]+K in screen, after logging out.
If you were so inclined, you could also force syslog to send all logs to the serial port as well, for observation over the serial line. This can be done by modifying /etc/syslog.conf to add:
*.* /dev/ttyS0
If nothing else, should you need to connect to some hardware via the console, like a network router or switch, being able to use screen to manage the serial connection is a great and easy way to do so. Virtually all Linux distributions either come with screen preinstalled, or it's a simple apt-get, urpmi, or yum away. Most Linux distributions come with agetty already installed.
There are currently no comments for this post.