Re: Allowing login via (serial) console by default

To: debian-cloud@lists.debian.org
Subject: Re: Allowing login via (serial) console by default
From: "Theodore Y. Ts'o" <tytso@mit.edu>
Date: Wed, 19 Dec 2018 23:10:06 -0500
Message-id: <[🔎] 20181220041006.GB9469@mit.edu>
In-reply-to: <[🔎] 20181219132133.dr7ictbbync4fcae@shell.thinkmo.de>
References: <[🔎] 20181208204712.4hacmwbqbd3m4bz3@shell.thinkmo.de> <[🔎] 42797a7b-47b5-6e78-f6d1-6b1bc75ed772@debian.org> <[🔎] 20181209191528.rv6je7cf3migvuhy@shell.thinkmo.de> <[🔎] DM6PR08MB473219533C2EFCDB07FAFF45DDBC0@DM6PR08MB4732.namprd08.prod.outlook.com> <[🔎] 1545224306.2634.544.camel@bearstech.com> <[🔎] 20181219132133.dr7ictbbync4fcae@shell.thinkmo.de>

On Wed, Dec 19, 2018 at 02:21:33PM +0100, Bastian Blank wrote:
> On Wed, Dec 19, 2018 at 01:58:26PM +0100, Vincent Caron wrote:
> >   I've been using permanent login-less consoles in my LXC containers,
> > because it's very convenient. They actually launch 'getty -l bash ttyXX'
> > which bypasses the password issue. Thus from my point of view having a
> > login-less access is orthogonal to the root password question - and actually
> > I prefer root having no password (and thus no possible interactive login).
> 
> Hmm, thats a different solution.  Just overriding the getty launched by
> serial-getty@.service with the following should force it to auto-login
> as root:
> | ExecStart=-/sbin/agetty --autologin root -o '-p -- -f \\u' --keep-baud 115200,38400,9600 %I $TERM
>

Yep, I do something like this in my automated test VM image
creation script[1] (which starts with a Debian image and then
customizes it):

cp -f /lib/systemd/system/serial-getty@.service \
        /etc/systemd/system/serial-getty@.service
sed -i -e '/ExecStart/s/agetty/agetty -a root/' \
    -e '/ExecStart/s/-p/-p -f/' \
        /etc/systemd/system/serial-getty@.service

BTW, you only need the first sed replacement for stretch; the second
substitution is only need for buster/sid based VM's.  And I think you
need "-p -f -- \\u" since '--' stops the option parsing, and is mainly
to protect against \\u containing a hypthen.

Also BTW, the agetty man page for buster claims that the -a option
automatically adds -f to be passed to the login options:

  -a, --autologin username
         Automatically log in the specified user without asking for  a  username
         or  password.  Using this option causes an -f username option and argu‐
         ment to be added to the /bin/login command line.  See  --login-options,
         which can be used to modify this option's behavior.

This used to be true for stretch, but it's no longer true for buster,
so the man page is out of date.

						- Ted

[1] https://github.com/tytso/xfstests-bld/blob/master/kvm-xfstests/test-appliance/gce-xfstests-bld.sh

Reply to:

Follow-Ups:
- Re: Allowing login via (serial) console by default
  - From: Vincent Caron <vcaron@bearstech.com>

References:
- Allowing login via (serial) console by default
  - From: Bastian Blank <waldi@debian.org>
- Re: Allowing login via (serial) console by default
  - From: Thomas Goirand <zigo@debian.org>
- Re: Allowing login via (serial) console by default
  - From: Bastian Blank <waldi@debian.org>
- Re: Allowing login via (serial) console by default
  - From: Jose Miguel Parrella Romero <joseparrella@gmail.com>
- Re: Allowing login via (serial) console by default
  - From: Vincent Caron <vcaron@bearstech.com>
- Re: Allowing login via (serial) console by default
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Versioning of images
Next by Date: Re: Versioning of images
Previous by thread: Re: Allowing login via (serial) console by default
Next by thread: Re: Allowing login via (serial) console by default
Index(es):
- Date
- Thread