I will try to follow your instructions to achive this goal and I will get in touch with you if I had furthur questions.
Thank you for help.
Posts by kia_rst
-
-
What you mentioned is exactly what I have in mind,
the device is in a metal box with lock and there is no physical access to the SD card or the device it self and there is no network connected.
So in case I want to change something on LE, I was thinking of providing access to the UART console from outside the box so I wont have to open the box every time. just plug in a cable and make the changes.
This is a rare use case of course, but that is why I need to secure the shell on UART. So only the person with the key to the box or the password of the UART shell can make changes to the system.
Yes I have looked over a hundred addons and none of them were providing a getty on LE.
Actually I have built my own system image of LE (squashfs), So if you could literally point me in the right direction, I might be able to bring getty on my own image.
Thank you.
-
Thank you for the information.
Does something like system-tools provide a getty? Or any other way for installing one?
Or what your saying is, there is no way around this?
Maybe even using something rather than a debug-shell that would provide a shell with password prompt on UART?
I even had this idea that when we SSH into the system, the shell does prompt for a password. So it would be possible to do the same thing on UART (technically).
For example:
As I understood so far about the above code written in cmdline.txt, when I remove the debug-shell parameter, I get boot process output of LE on UART and no interactive shell, so I think what it does is it pipes the LE console output to the serial0 terminal and nothing more. Right?
In this case (just as an idea) would it be possible to pipe the SSH output to the serial0 terminal to get an interactive shell with password prompt as the SSH it self?
-
Hi everyone,
I've been successful on using the UART on Raspberry Pi 4 as a serial console by doing as below:
In cmdline.txt added:
console=serial0,115200 systemd.debug-shell=1
and in config.txt added:
enable_uart=1
Now an unsecured console is accessible from the UART pins and every time the system boots up, this shell is accessible without prompting for a password and this compromises the security of the system.
I've been searching around this for decades now and found no solutions so far about how to make this shell secure by making it ask for a password before giving root shell access to the connected user?