Auto root login from serial console only

Anyone know how to allow auto root login from the serial console without a password while still requiring a password for ssh? This is really a worst case recovery type thing where someone changes the default password and forgets the new password. Physical security should be adequate in this case.

man getty


       -a, --autologin username
              Automatically log in the specified user without asking for a
              username or password. Using this option causes an -f username
              option and argument to be added to the /bin/login command line.
              See --login-options, which can be used to modify this option's

              Note that --autologin may affect the way how agetty initializes
              the serial line, because on auto-login agetty does not read from
              the line and it has no opportunity optimize the line setting.

and also:

       -l, --login-program login_program
              Invoke the specified login_program instead of /bin/login. This
              allows the use of a non-standard login program. Such a program
              could, for example, ask for a dial-up password or use a differ������
              ent password file. See --login-options.

       -o, --login-options "login_options"
              Options and arguments that are passed to login(1). Where \u is
              replaced by the login name. For example:

                  --login-options '-h darkstar -- \u'

              See --autologin, --login-program and --remote.

              Please read the SECURITY NOTICE below before using this option.

       -p, --login-pause
              Wait for any key before dropping to the login prompt. Can be
              combined with --autologin to save memory by lazily spawning

systemd files of interest:


The former is a symlink to the second, but you don't want to mess with the
second, but instead copy the second to someplace
(/usr/local/lib/systemd/system/ probably) and modify it (maybe rename it to
/lib/systemd/system/serial-getty-root@.service) and then change the
/etc/systemd/system/ symlink.

Robert Heller -- Cell: 413-658-7953 GV: 978-633-5364
Deepwoods Software -- Custom Software Services -- Linux Administration Services -- Webhosting Services

Thanks. That makes sense. I was barking up the wrong tree and just totally forgot about getty.

This is a tad more sinister than it appears. In /etc/systemd/system/ are 3 files: getty@tty1.service, serial-getty@.service, and serial-getty@ttyGS0.service. I have changed them all, and none have had any impact. A ‘systemctl cat getty@ttyGS0.service’ shows the unchanged unit file /lib/systemd/system/getty@.service. Although I did desire to not alter the original systemd unit file in /lib, I may need to do that and see if it makes a difference.

The fix seems to be here:

Midway through the page someone was working with a serial instead of a virtual terminal. I’m not exactly sure of the impact of the edit in the logind.conf file, but the combination shown there works.