Allow passwordless root login on the serial console

After some experimenting, I've got something that works:

  1. Run systemctl edit serial-getty@ttyS0.service, and add the following:

    [Service]
    ExecStart=
    ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 --noclear --autologin root ttyS0 $TERM
    

    This will cause agetty to auto-login the root user, but with only this change the system will still prompt you for the root password.

  2. We can configure /etc/pam.d/login to authenticate root logins on the console without a password. Add the following to the top of /etc/pam.d/login:

    auth sufficient pam_listfile.so item=tty sense=allow file=/etc/securetty onerr=fail apply=root
    

    This will cause the PAM stack to check for the login tty in /etc/securetty, and to skip other authentication mechanisms if it finds it.

  3. Add the serial port to /etc/securetty:

    # echo ttyS0 > /etc/securetty
    

With these changes in place, you'll see the following on the serial console when you boot:

    CentOS Linux 8 (Core)
    Kernel 4.18.0-80.11.2.el8_0.x86_64 on an x86_64

    localhost login: root (automatic login)

    Last login: Sun Nov 17 00:29:36 on ttyS0
    [root@localhost ~]#

...and if you log out, you'll end up right back at the shell prompt.

Note that I've used the filename /etc/securetty here, which in days of yore actually did something else (it controlled terminals on which root was allowed to log in). So if that bothers you, use a different file :).
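
Because the pam_listfile rule is `sufficient`, every terminal named in the list file yields a root shell with no password, so the rule and the list are worth checking after any change. The following is an added example, not part of the original answer: the function name `audit_console_autologin` and the default that only ttyS0 is trusted are assumptions made for illustration.

```shell
# Added example (not from the original answer): audit the setup described above.
# Usage: audit_console_autologin PAM_FILE TTY_LIST [ALLOWED_TTY...]
# Prints one line per finding; returns 0 when clean, 1 when anything is flagged.
audit_console_autologin() {
    pam_file=$1; tty_list=$2; shift 2
    allowed=" ${*:-ttyS0} "   # assumption: ttyS0 is the only trusted terminal
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Locate the bypass rule: auth sufficient pam_listfile.so ... item=tty
    rule=$(grep -E '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_listfile\.so' "$pam_file" |
           tr '\t' ' ' | grep -F ' item=tty' | head -n 1)
    if [ -z "$rule" ]; then
        echo "no tty-based pam_listfile bypass in $pam_file"
        return 0
    fi

    # Without apply=root the rule is not restricted to the root account.
    case " $rule " in *" apply=root "*) ;; *) flag "rule lacks apply=root" ;; esac
    # onerr=fail denies the shortcut when the list cannot be read.
    case " $rule " in *" onerr=fail "*) ;; *) flag "rule lacks onerr=fail" ;; esac

    if [ ! -f "$tty_list" ]; then
        flag "$tty_list is missing or not a regular file"
    else
        # A group- or world-writable list lets non-root users add a terminal.
        if [ -n "$(find "$tty_list" \( -perm -020 -o -perm -002 \))" ]; then
            flag "$tty_list is writable by group or others"
        fi
        # Every listed terminal gets a root shell with no password.
        while IFS= read -r tty || [ -n "$tty" ]; do
            [ -n "$tty" ] || continue
            case $allowed in
                *" $tty "*) ;;
                *) flag "unexpected terminal '$tty' in $tty_list" ;;
            esac
        done < "$tty_list"
    fi
    [ "$findings" -eq 0 ]
}
```

On a system configured as above, source the function and run `audit_console_autologin /etc/pam.d/login /etc/securetty` as root.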