System: Serial Console Login

(last edit: 2001-05-03) See also the FreeBSD Handbook.

Introduction

It is possible to connect to your FreeBSD box using a serial null modem cable. This can be very usefull when you 'normal' deamons (e.g. telnetd and sshd) don't respond anymore. All you need is a serial null modem cable and another computer with a terminal program.

The cable

The easiest way is to buy a cable but you can also make one: 9pins serial null modem cable: |--1o------------------o1--| | 2o--------\/--------o2 | | 3o--------/\--------o3 | | 4o------------------o6--| | 5o------------------o5 |--6o------------------o4 7o--------\/--------o7 8o--------/\--------o8 1 Carrier Detect 2 Receive Data 3 Transmit Data 4 Data Terminal Ready 5 System Ground 6 Data Set Ready 7 Request To Send 8 Clear to send So you connect pin 1 to pin 6 on the same connector and you do this for both connectors. Then you connect pin 1 on the left connector to pin 1 on the right connector, pin 2 to pin3, pin 3 to pin 2, etc. 25pins serial null modem: See 9pins but connect pin 6 not to pin 1 but to pin 20 (again on the same connector).

How does it work?

(I'll show you how to set this up in the next part) If your machine boots it will check for a keyboard, if it doesn't find a keyboard the kernel starts using a serial console for its console. Thus if you have a keyboard attached to you machine serial console won't work because you could just type on the keyboard couldn't you? So if you don't have a keyboard attached you can attach a dumb terminal or terminal program to the serial port and see the FreeBSD boot process and/or login to you machine.

Setting things up

You have to set up the following things:
  • COM1
  • /boot.config
  • /etc/ttys

COM1

First of all: this will only work on COM1 so make sure it is free (no other devices attached to it, using it) and it is activated in the BIOS. Then make sure it is in your kernel AND it is configured as a serial console. This means that the following line must be in your kernel file: device sio0 at isa? port IO_COM1 flags 0x10 irq 4 The '0x10' tells the kernel that this is a serial console the irq should match the one in your bios. See also System: How to compile a new kernel. When you reboot you should see something like this: sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A If you've missed it you can always do a : root@host:/#dmesg | grep sio

/boot.config

As I explained before, your machine must check if a keyboard is attached. You can do this by creating a '/boot.config' file. man boot: -D toggle single and dual console configurations. In the single configuration the console will be either the in- ternal display or the serial port, depending on the state of the -h option below. In the dual console configura- tion, both the internal display and the serial port will become the console at the same time, regardless of the state of the -h option. However, the dual console con- figuration takes effect only during the boot prompt. Once the kernel is loaded, the console specified by the -h option becomes the only console. -h toggle internal and serial consoles. You can use this to switch console devices. For instance, if you boot from the internal console, you can use the -h option to force the kernel to use the serial port as its console device. Alternatively, if you boot from the serial port, you can use this option to force the kernel to use the internal display as the console instead. The serial port driver sio(4) has a flag to override this option. If that flag is set, the serial port will always be used as the con- sole, regardless of the -h option described here. See the man page for sio(4) for more details. -P probe the keyboard. If no keyboard is found, the -D and -h options are automatically set. The only thing you have to put in the '/boot.config' file is '-P'. After this your system should say the following when you boot: /boot.config: -P Keyboard: yes Or 'no' offcourse.

/etc/ttys

Your /etc/ttys contains the following: --- ttyv0 "/usr/libexec/getty Pc" cons25 on secure # Virtual terminals ttyv1 "/usr/libexec/getty Pc" cons25 on secure ttyv2 "/usr/libexec/getty Pc" cons25 on secure ttyv3 "/usr/libexec/getty Pc" cons25 on secure ttyv4 "/usr/libexec/getty Pc" cons25 on secure ttyv5 "/usr/libexec/getty Pc" cons25 on secure ttyv6 "/usr/libexec/getty Pc" cons25 on secure ttyv7 "/usr/libexec/getty Pc" cons25 on secure ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure # Serial terminals # The 'dialup' keyword identifies dialin lines to login, fingerd etc. ttyd0 "/usr/libexec/getty std.9600" dialup off secure ttyd1 "/usr/libexec/getty std.9600" dialup off secure ttyd2 "/usr/libexec/getty std.9600" dialup off secure ttyd3 "/usr/libexec/getty std.9600" dialup off secure --- The 'ttyv' lines are used for 'normal' login, thus the login you see when you attach a monitor and keyboard. The 'ttyd' are serial terminals and that's what we are looking for. The 'ttyd0' is the serial termnial connected via COM1 and as you might notice it is marked 'off'. Change this to 'on': ttyd0 "/usr/libexec/getty std.9600" dialup on secure That's all you have to change. But wait a minute, didn't I say that the connection is only possible with COM1? What are the other ttyd's then? Well it IS possible to connect to e.g. COM2 but you have to recompile the boot blocks and the boot loader and all you gain is the fact that you connect to COM2 instead of COM1. I noticed another thing: the terminal type 'dialup' isn't very usefull when you try to edit a file: your keyboard doesn't work as it is supposed to and your screen works like crap. Note these problems don't appear when you are just working on the command line. The terminal type 'cons25' works good on both the command line and in vi. So you might consider changing 'dialup' in 'cons25' on the above line. You must reboot your machine or restart 'init' to activate these settings. You can restart init by typing the following as root: 'kill -1 1'

Connecting

I haven't tried to connect using a dumb terminal for the simple fact that I don't own one. I have connected with a FreeBSD machine using 'Kermit' and a Win2k machine using 'SecureCRT'.

FreeBSD and kermit

Kermit is a terminal program which you can install from '/usr/ports/comms/kermit'. I won't go into the kermit any further but I'll show you the command line: --- root@host:~#/usr/local/bin/kermit -l /dev/cuaa0 -b 9600 -c Connecting to /dev/cuaa0, speed 9600. The escape character is Ctrl-\ (ASCII 28, FS) Type the escape character followed by C to get back, or followed by ? to see other options. ---------------------------------------------------- FreeBSD/i386 (192.168.0.4) (ttyd0) login: root Password: ***** Last login: Thu Apr 12 09:56:46 on ttyd0 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.2-RELEASE (MYKERNEL) #2: Sun Feb 18 23:51:26 GMT 2001 You have new mail. root@remotehost:~# --- The device 'cuaa0' is the device for COM1 and this should be the COM port to which you have connected the serial null modem cable (Note: this is on the OTHER machine so this could as easely be COM2). Make sure it is activated in the kernel/BIOS. The '-b 9600' defines the speed to use. This speed is also specified in '/etc/ttys' so make sure it is the same. Here are the options from the man page: man kermit -l line communication line device (to make a serial connection) -b bps serial line speed, e.g. 1200 -c connect (before file transfer), used with -l or -j If you want to speed up your serial connection see the url I've mentioned at the beginning of this document You won't get a 'login: ' if you connect using kermit the first time. I don't know why and I haven't looked in to it because if you just enter your login name and hit enter you get a 'password: ' and I you type in the password you are logged in.

Win2k and SecureCRT

Works like kermit (duh?). Do the following:
  • Create a new session
  • Select 'serial' as protocol
  • Set the port to the port on your win2k machine to which the cable is connected to
  • Set Baud to the same value you've specified in '/etc/ttys', probaley 9600
  • Set data bits to '8'
  • Set Parity to 'None'
  • Set Stop bits to '1'
  • Hit 'connect', you'll get a blank screen, hit ENTER and you'll get a login prompt.
Have fun...

Click here to go back to the index.