mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 23:48:09 +01:00
1130b656e5
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
540 lines
21 KiB
Plaintext
540 lines
21 KiB
Plaintext
<!-- This is an SGML document in the linuxdoc DTD describing
|
|
hardwired terminals with FreeBSD. By Sean Kelly, (c) 1996.
|
|
|
|
$FreeBSD$
|
|
|
|
The FreeBSD Documentation Project
|
|
|
|
<!DOCTYPE linuxdoc PUBLIC "-//FreeBSD//DTD linuxdoc//EN">
|
|
|
|
<linuxdoc>
|
|
<article>
|
|
<title> Hardwired Terminals
|
|
<author> Sean Kelly <tt/kelly@fsl.noaa.gov/
|
|
<date> 24 June 1996, (c) 1996
|
|
|
|
<abstract> This document describes using hardwired terminals
|
|
attached to computers running FreeBSD. It describes how to
|
|
set up the terminal hardware (including cabling), how to
|
|
configure FreeBSD to provide login sessions to those
|
|
terminals, and how to troubleshoot problems with terminals.
|
|
</abstract>
|
|
|
|
<toc>
|
|
-->
|
|
|
|
<sect><heading>Terminals<label id="term"></heading>
|
|
|
|
<p><em>Contributed by &a.kelly;<newline>28 July 1996</em>
|
|
|
|
Terminals provide a convenient and low-cost way to access the
|
|
power of your FreeBSD system when you are not at the computer's
|
|
console or on a connected network. This section describes how
|
|
to use terminals with FreeBSD.
|
|
|
|
<sect1><heading>Uses and Types of Terminals<label
|
|
id="term:uses"></heading>
|
|
|
|
<p>The original Unix systems did not have consoles. Instead,
|
|
people logged in and ran programs through terminals that were
|
|
connected to the computer's serial ports. It is quite similar
|
|
to using a modem and some terminal software to dial into a
|
|
remote system to do text-only work.
|
|
|
|
Today's PCs have consoles capable of high quality graphics,
|
|
but the ability to establish a login session on a serial port
|
|
still exists in nearly every Unix-style operating system
|
|
today; FreeBSD is no exception. By using a terminal attached
|
|
to a unused serial port, you can log in and run any text
|
|
program that you would normally run on the console or in an
|
|
<tt/xterm/ window in the X Window System.
|
|
|
|
For the business user, you can attach many terminals to a
|
|
FreeBSD system and place them on your employees' desktops.
|
|
For a home user, a spare computer such as an older IBM PC or a
|
|
Macintosh can be a terminal wired into a more powerful
|
|
computer running FreeBSD. You can turn what might otherwise
|
|
be a single-user computer into a powerful multiple user
|
|
system.
|
|
|
|
For FreeBSD, there are three kinds of terminals:
|
|
|
|
<itemize>
|
|
<item><ref name="Dumb terminals" id="term:dumb">
|
|
<item><ref name="PCs acting as terminals" id="term:pcs">
|
|
<item><ref name="X terminals" id="term:x">
|
|
</itemize>
|
|
|
|
The remaining subsections describe each kind.
|
|
|
|
<sect2><heading>Dumb Terminals<label id="term:dumb"></heading>
|
|
|
|
<p>Dumb terminals are specialized pieces of hardware that let
|
|
you connect to computers over serial lines. They are called
|
|
``dumb'' because they have only enough computational power
|
|
to display, send, and receive text. You cannot run any
|
|
programs on them. It is the computer to which you connect
|
|
them that has all the power to run text editors, compilers,
|
|
email, games, and so forth.
|
|
|
|
There are hundreds of kinds of dumb terminals made by
|
|
many manufacturers, including Digital Equipment
|
|
Corporation's VT-100 and Wyse's WY-75. Just about any kind
|
|
will work with FreeBSD. Some high-end terminals can even
|
|
display graphics, but only certain software packages can
|
|
take advantage of these advanced features.
|
|
|
|
Dumb terminals are popular in work environments where
|
|
workers do not need access to graphic applications such as
|
|
those provided by the X Window System.
|
|
|
|
<sect2><heading>PCs Acting As Terminals<label
|
|
id="term:pcs"></heading>
|
|
|
|
<p>If a <ref name="dumb terminal" id="term:dumb"> has just
|
|
enough ability to display, send, and receive text, then
|
|
certainly any spare personal computer can be a dumb
|
|
terminal. All you need is the proper cable and some
|
|
<em/terminal emulation/ software to run on the computer.
|
|
|
|
Such a configuration is popular in homes. For example, if
|
|
your spouse is busy working on your FreeBSD system's
|
|
console, you can do some text-only work at the same time
|
|
from a less powerful personal computer hooked up as a
|
|
terminal to the FreeBSD system.
|
|
|
|
<sect2><heading>X Terminals<label id="term:x"></heading>
|
|
|
|
<p>X terminals are the most sophisticated kind of terminal
|
|
available. Instead of connecting to a serial port, they
|
|
usually connect to a network like Ethernet. Instead of
|
|
being relegated to text-only applications, they can display
|
|
any X application.
|
|
|
|
We introduce X terminals just for the sake of completeness.
|
|
However, this chapter does <em/not/ cover setup,
|
|
configuration, or use of X terminals.
|
|
|
|
<sect1><heading>Cables and Ports<label
|
|
id="term:cables-ports"></heading>
|
|
|
|
<p>To connect a terminal to your FreeBSD system, you need the
|
|
right kind of cable and a serial port to which to connect it.
|
|
This section tells you what to do. If you are already
|
|
familiar with your terminal and the cable it requires, skip to
|
|
<ref name="Configuration" id="term:config">.
|
|
|
|
<sect2><heading>Cables<label id="term:cables"></heading>
|
|
|
|
<p>Because terminals use serial ports, you need to use
|
|
serial---also known as RS-232C---cables to connect the
|
|
terminal to the FreeBSD system.
|
|
|
|
There are a couple of kinds of serial cables. Which one
|
|
you'll use depends on the terminal you want to connect:
|
|
|
|
<itemize>
|
|
<item>If you are connecting a personal computer to act as
|
|
a terminal, use a <ref name="null-modem" id="term:null">
|
|
cable. A null-modem cable connects two computers or
|
|
terminals together.
|
|
|
|
<item>If you have an actual terminal, your best source of
|
|
information on what cable to use is the documentation
|
|
that accompanied the terminal. If you do not have the
|
|
documentation, then try a <ref name="null-modem"
|
|
id="term:null"> cable. If that does not work, then try
|
|
a <ref name="standard" id="term:std"> cable.
|
|
</itemize>
|
|
|
|
Also, the serial port on <em/both/ the terminal and your
|
|
FreeBSD system must have connectors that will fit the cable
|
|
you are using.
|
|
|
|
<sect3><heading>Null-modem cables<label id="term:null"></heading>
|
|
|
|
<p>A null-modem cable passes some signals straight through,
|
|
like ``signal ground,'' but switches other signals. For
|
|
example, the ``send data'' pin on one end goes to the
|
|
``receive data'' pin on the other end.
|
|
|
|
If you like making your own cables, here is a table
|
|
showing a recommended way to construct a null-modem cable
|
|
for use with terminals. This table shows the RS-232C
|
|
signal names and the pin numbers on a DB-25 connector.
|
|
<tscreen><verb>
|
|
Signal Pin# Pin# Signal
|
|
TxD 2 ----------------------- 3 RxD
|
|
RxD 3 ----------------------- 2 TxD
|
|
DTR 20 ----------------------- 6 DSR
|
|
DSR 6 ----------------------- 20 DTR
|
|
SG 7 ----------------------- 7 SG
|
|
DCD 8 ----------------------+ 4 RTS*
|
|
*RTS 4 + + 5 CTS*
|
|
*CTS 5 +---------------------- 8 DCD
|
|
|
|
* Connect pins 4 to 5 internally in the connector hood, and then to
|
|
pin 8 in the remote hood.
|
|
</verb></tscreen>
|
|
|
|
<sect3><heading>Standard RS-232C Cables<label
|
|
id="term:std"></heading>
|
|
|
|
<p>A standard serial cable passes all the RS-232C signals
|
|
straight-through. That is, the ``send data'' pin on one
|
|
end of the cable goes to the ``send data'' pin on the
|
|
other end. This is the type of cable to connect a modem
|
|
to your FreeBSD system, and the type of cable needed for
|
|
some terminals.
|
|
|
|
<sect2><heading>Ports<label id="term:ports"></heading>
|
|
|
|
<p>Serial ports are the devices through which data is
|
|
transferred between the FreeBSD host computer and the
|
|
terminal. This section describes the kinds of ports that
|
|
exist and how they are addressed in FreeBSD.
|
|
|
|
<sect3><heading>Kinds of Ports<label
|
|
id="term:portkinds"></heading>
|
|
|
|
<p>Several kinds of serial ports exist. Before you purchase
|
|
or construct a cable, you need to make sure it will fit
|
|
the ports on your terminal and on the FreeBSD system.
|
|
|
|
Most terminals will have DB25 ports. Personal computers,
|
|
including PCs running FreeBSD, will have DB25 or DB9
|
|
ports. If you have a multiport serial card for your PC,
|
|
you may have RJ-12 or RJ-45 ports.
|
|
|
|
See the documentation that accompanied the hardware for
|
|
specifications on the kind of port in use. A visual
|
|
inspection of the port often works, too.
|
|
|
|
<sect3><heading>Port Names<label
|
|
id="term:portnames"></heading>
|
|
|
|
<p>In FreeBSD, you access each serial port through an entry
|
|
in the <tt>/dev</tt> directory. There are two different
|
|
kinds of entries:
|
|
<itemize>
|
|
<item>Callin ports are named <tt>/dev/ttyd<it/X/</tt>
|
|
where <it/X/ is the port number, starting from zero.
|
|
Generally, you use the callin port for terminals.
|
|
Callin ports require that the serial line assert the
|
|
data carrier detect (DCD) signal to work.
|
|
|
|
<item>Callout ports are named <tt>/dev/cuaa<it/X/</tt>.
|
|
You usually do not use the callout port for terminals,
|
|
just for modems. You may use the callout port if the
|
|
serial cable or the terminal does not support the
|
|
carrier detect signal.
|
|
</itemize>
|
|
|
|
See the sio(4) manual page for more information.
|
|
|
|
If you have connected a terminal to the first serial port
|
|
(COM1 in DOS parlance), then you want to use
|
|
<tt>/dev/ttyd0</tt> to refer to the terminal. If it is on
|
|
the second serial port (also known as COM2), it is
|
|
<tt>/dev/ttyd1</tt>, and so forth.
|
|
|
|
Note that you may have to configure your kernel to support
|
|
each serial port, especially if you have a multiport
|
|
serial card. See <ref name="Configuring the FreeBSD
|
|
Kernel" id="kernelconfig"> for more information.
|
|
|
|
<sect1><heading>Configuration<label id="term:config"></heading>
|
|
|
|
<p>This section describes what you need to configure on your
|
|
FreeBSD system to enable a login session on a terminal. It
|
|
assumes you have already configured your kernel to support the
|
|
serial port to which the terminal is connected---and that you
|
|
have connected it.
|
|
|
|
In a nutshell, you need to tell the <tt/init/ process, which is
|
|
responsible for process control and initialization, to start a
|
|
<tt/getty/ process, which is responsible for reading a login
|
|
name and starting the <tt/login/ program.
|
|
|
|
To do so, you have to edit the <tt>/etc/ttys</tt> file.
|
|
First, use the <tt/su/ command to become root. Then, make the
|
|
following changes to <tt>/etc/ttys</tt>:
|
|
<enum>
|
|
<item>Add an line to <tt>/etc/ttys</tt> for the entry in the
|
|
<tt>/dev</tt> directory for the serial port if it is not
|
|
already there.
|
|
|
|
<item>Specify that <tt>/usr/libexec/getty</tt> be run on the
|
|
port, and specify the appropriate <tt/getty/ type from the
|
|
<tt>/etc/gettytab</tt> file.
|
|
|
|
<item>Specify the default terminal type.
|
|
|
|
<item>Set the port to ``on.''
|
|
|
|
<item>Specify whether the port should be ``secure.''
|
|
|
|
<item>Force <tt/init/ to reread the <tt>/etc/ttys</tt> file.
|
|
</enum>
|
|
|
|
As an optional step, you may wish to create a custom
|
|
<tt/getty/ type for use in step 2 by making an entry in
|
|
<tt>/etc/gettytab</tt>. This document does not explain how to
|
|
do so; you are encouraged to see the gettytab(5) and the
|
|
getty(8) manual pages for more information.
|
|
|
|
The remaining sections detail how to do these steps. We will
|
|
use a running example throughout these sections to illustrate
|
|
what we need to do. In our example, we will connect two
|
|
terminals to the system: a Wyse-50 and a old 286 IBM PC
|
|
running Procomm terminal software emulating a VT-100 terminal.
|
|
We connect the Wyse to the second serial port and the 286 to
|
|
the sixth serial port (a port on a multiport serial card).
|
|
|
|
For more information on the <tt>/etc/ttys</tt> file, see the
|
|
ttys(5) manual page.
|
|
|
|
<sect2><heading>Adding an Entry to <tt>/etc/ttys</tt><label
|
|
id="term:etcttys"></heading>
|
|
<p>First, you need to add an entry to the <tt>/etc/ttys</tt>
|
|
file, unless one is already there.
|
|
|
|
The <tt>/etc/ttys</tt> file lists all of the ports on your
|
|
FreeBSD system where you want to allow logins. For example,
|
|
the first virtual console <tt>ttyv0</tt> has an entry in
|
|
this file. You can log in on the console using this entry.
|
|
This file contains entries for the other virtual consoles,
|
|
serial ports, and pseudo-ttys. For a hardwired terminal,
|
|
just list the serial port's <tt>/dev</tt> entry without the
|
|
<tt>/dev</tt> part.
|
|
|
|
When you installed your FreeBSD system, the
|
|
<tt>/etc/ttys</tt> file included entries for the first four
|
|
serial ports: <tt/ttyd0/ through <tt/ttyd3/. If you are
|
|
attaching a terminal on one of those ports, you do not need
|
|
to add an entry.
|
|
|
|
In our example, we attached a Wyse-50 to the second serial
|
|
port, <tt/ttyd1/, which is already in the file. We need to
|
|
add an entry for the 286 PC connected to the sixth serial
|
|
port. Here is an excerpt of the <tt>/etc/ttys</tt> file
|
|
after we add the new entry:
|
|
<tscreen><verb>
|
|
ttyd1 "/usr/libexec/getty std.9600" unknown off secure
|
|
ttyd5
|
|
</verb></tscreen>
|
|
|
|
<sect2><heading>Specifying the <tt/getty/ Type<label
|
|
id="term:getty"></heading>
|
|
<p>Next, we need to specify what program will be run to handle
|
|
the logins on a terminal. For FreeBSD, the standard program
|
|
to do that is <tt>/usr/libexec/getty</tt>. It is what
|
|
provides the <tt>login:</tt> prompt.
|
|
|
|
The program <tt/getty/ takes one (optional) parameter on its
|
|
command line, the <em/<tt/getty/ type/. A <tt/getty/ type
|
|
tells about characteristics on the terminal line, like bps
|
|
rate and parity. The <tt/getty/ program reads these
|
|
characteristics from the file <tt>/etc/gettytab</tt>.
|
|
|
|
The file <tt>/etc/gettytab</tt> contains lots of entries for
|
|
terminal lines both old and new. In almost all cases, the
|
|
entries that start with the text <tt/std/ will work for
|
|
hardwired terminals. These entries ignore parity. There is
|
|
a <tt/std/ entry for each bps rate from 110 to 115200. Of
|
|
course, you can add your own entries to this file. The
|
|
manual page gettytab(5) provides more information.
|
|
|
|
When setting the <tt/getty/ type in the <tt>/etc/ttys</tt>
|
|
file, make sure that the communications settings on the
|
|
terminal match.
|
|
|
|
For our example, the Wyse-50 uses no parity and connects at
|
|
38400 bps. The 286 PC uses no parity and connects at 19200
|
|
bps. Here is the <tt>/etc/ttys</tt> file so far (showing
|
|
just the two terminals in which we are interested):
|
|
<tscreen><verb>
|
|
ttyd1 "/usr/libexec/getty std.38400" unknown off secure
|
|
ttyd5 "/usr/libexec/getty std.19200"
|
|
</verb></tscreen>
|
|
Note that the second field---where we specify what program
|
|
to run---appears in quotes. This is important, otherwise
|
|
the type argument to <tt/getty/ might be interpreted as the
|
|
next field.
|
|
|
|
<sect2><heading>Specifying the Default Terminal Type<label
|
|
id="term:deftermtype"></heading>
|
|
|
|
<p>The third field in the <tt>/etc/ttys</tt> file lists the
|
|
default terminal type for the port. For dialup ports, you
|
|
typically put <tt/unknown/ or <tt/dialup/ in this field
|
|
because users may dial up with practically any kind of
|
|
terminal or software. For hardwired terminals, the terminal
|
|
type does not change, so you can put a real terminal type in
|
|
this field.
|
|
|
|
Users will usually use the <tt/tset/ program in
|
|
their <tt/.login/ or <tt/.profile/ files to check the terminal
|
|
type and prompt for one if necessary. By setting a terminal
|
|
type in the <tt>/etc/ttys</tt> file, users can forego such
|
|
prompting.
|
|
|
|
To find out what terminal types FreeBSD supports, see the
|
|
file <tt>/usr/share/misc/termcap</tt>. It lists about 600
|
|
terminal types. You can add more if you wish. See the
|
|
termcap(5) manual page for information.
|
|
|
|
In our example, the Wyse-50 is a Wyse-50 type of terminal
|
|
(although it can emulate others, we will leave it in Wyse-50
|
|
mode). The 286 PC is running Procomm which will be set to
|
|
emulate a VT-100. Here are the pertinent yet unfinished
|
|
entries from the <tt>/etc/ttys</tt> file:
|
|
<tscreen><verb>
|
|
ttyd1 "/usr/libexec/getty std.38400" wy50 off secure
|
|
ttyd5 "/usr/libexec/getty std.19200" vt100
|
|
</verb></tscreen>
|
|
|
|
<sect2><heading>Enabling the Port<label
|
|
id="term:enable"></heading>
|
|
<p>The next field in <tt>/etc/ttys</tt>, the fourth field,
|
|
tells whether to enable the port. Putting <tt/on/ here will
|
|
have the <tt/init/ process start the program in the second
|
|
field, <tt/getty/, which will prompt for a login. If you
|
|
put <tt/off/ in the fourth field, there will be no
|
|
<tt/getty/, and hence no logins on the port.
|
|
|
|
So, naturally, you want an <tt/on/ in this field. Here
|
|
again is the <tt>/etc/ttys</tt> file. We have turned each
|
|
port <tt/on/.
|
|
<tscreen><verb>
|
|
ttyd1 "/usr/libexec/getty std.38400" wy50 on secure
|
|
ttyd5 "/usr/libexec/getty std.19200" vt100 on
|
|
</verb></tscreen>
|
|
|
|
|
|
<sect2><heading>Specifying Secure Ports<label
|
|
id="term:secure"></heading>
|
|
<p>We have arrived at the last field (well, almost: there is
|
|
an optional <tt/window/ specifier, but we will ignore that).
|
|
The last field tells whether the port is secure.
|
|
|
|
What does ``secure'' mean?
|
|
|
|
It means that the root account (or any account with a user
|
|
ID of 0) may login on the port. Insecure ports do not
|
|
allow root to login.
|
|
|
|
How do you use secure and insecure ports?
|
|
|
|
By marking a port as insecure, the terminal to which it is
|
|
connected will not allow root to login. People who know
|
|
the root password to your FreeBSD system will first have to
|
|
login using a regular user account. To gain superuser
|
|
privileges, they will then have to use the <tt/su/ command.
|
|
|
|
Because of this, you will have two records to help track
|
|
down possible compromises of root privileges: both the login
|
|
and the <tt/su/ command make records in the system log (and
|
|
logins are also recorded in the <tt/wtmp/ file).
|
|
|
|
By marking a port as secure, the terminal will allow root
|
|
in. People who know the root password will just login as
|
|
root. You will not have the potentially useful login and
|
|
<tt/su/ command records.
|
|
|
|
Which should you use?
|
|
|
|
Just use ``insecure.'' Use ``insecure'' <em/even/ for
|
|
terminals <em/not/ in public user areas or behind locked
|
|
doors. It is quite easy to login and use <tt/su/ if you
|
|
need superuser privileges.
|
|
|
|
Here finally are the completed entries in the
|
|
<tt>/etc/ttys</tt> file, with comments added to describe
|
|
where the terminals are:
|
|
<tscreen><verb>
|
|
ttyd1 "/usr/libexec/getty std.38400" wy50 on insecure # Kitchen
|
|
ttyd5 "/usr/libexec/getty std.19200" vt100 on insecure # Guest bathroom
|
|
</verb></tscreen>
|
|
|
|
<sect2><heading>Force <tt/init/ to Reread
|
|
<tt>/etc/ttys</tt><label id="term:hup"></heading>
|
|
<p>When you boot FreeBSD, the first process, <tt/init/, will
|
|
read the <tt>/etc/ttys</tt> file and start the programs
|
|
listed for each enabled port to prompt for logins.
|
|
|
|
After you edit <tt>/etc/ttys</tt>, you do not want to have
|
|
to reboot your system to get <tt/init/ to see the changes.
|
|
So, <tt/init/ will reread <tt>/etc/ttys</tt> if it receives
|
|
a SIGHUP (hangup) signal.
|
|
|
|
So, after you have saved your changes to <tt>/etc/ttys</tt>,
|
|
send SIGHUP to <tt/init/ by typing:
|
|
<tscreen><verb>
|
|
kill -HUP 1
|
|
</verb></tscreen>
|
|
(The <tt/init/ process <em/always/ has process ID 1.)
|
|
|
|
If everything is set up correctly, all cables are in place,
|
|
and the terminals are powered up, you should see login
|
|
prompts. Your terminals are ready for their first logins!
|
|
|
|
<sect1><heading>Debugging your connection<label
|
|
id="term:debug"></heading>
|
|
<p>Even with the most meticulous attention to detail, something
|
|
could still go wrong while setting up a terminal. Here is a
|
|
list of symptoms and some suggested fixes.
|
|
|
|
<descrip>
|
|
<tag/No login prompt appears/
|
|
|
|
Make sure the terminal is plugged in and powered up. If
|
|
it is a personal computer acting as a terminal, make sure
|
|
it is running terminal emulation software on the correct
|
|
serial port.
|
|
|
|
Make sure the cable is connected firmly to both the
|
|
terminal and the FreeBSD computer. Make sure it is the
|
|
right kind of cable.
|
|
|
|
Make sure the terminal and FreeBSD agree on the bps rate
|
|
and parity settings. If you have a video display
|
|
terminal, make sure the contrast and brightness controls
|
|
are turned up. If it is a printing terminal, make sure
|
|
paper and ink are in good supply.
|
|
|
|
Make sure that a <tt/getty/ process is running and serving
|
|
the terminal. Type
|
|
<tscreen><verb>
|
|
ps -axww|grep getty
|
|
</verb></tscreen>
|
|
to get a list of running <tt/getty/ processes. You should
|
|
see an entry for the terminal. For example, the display
|
|
<tscreen><verb>
|
|
22189 d1 Is+ 0:00.03 /usr/libexec/getty std.38400 ttyd1
|
|
</verb></tscreen>
|
|
shows that a <tt/getty/ is running on the second serial
|
|
port <tt/ttyd1/ and is using the <tt/std.38400/ entry in
|
|
<tt>/etc/gettytab</tt>.
|
|
|
|
If no <tt/getty/ process is running, make sure you have
|
|
enabled the port in <tt>/etc/ttys</tt>. Make sure you
|
|
have run <tt/kill -HUP 1/.
|
|
|
|
<tag/Garbage appears instead of a login prompt/
|
|
|
|
Make sure the terminal and FreeBSD agree on the bps rate
|
|
and parity settings. Check the getty processes to make
|
|
sure the correct <tt/getty/ type is in use. If not, edit
|
|
<tt>/etc/ttys</tt> and run <tt/kill -HUP 1/.
|
|
|
|
<tag/Characters appear doubled; the password appears when typed/
|
|
|
|
Switch the terminal (or the terminal emulation software)
|
|
from ``half duplex'' or ``local echo'' to ``full duplex.''
|
|
|
|
</descrip>
|
|
|
|
|
|
|