[SOLVED] Auto-Login for Root on Local TTY or Password-Free Access

[shalak]

Hello!

I'm looking for a way to enable root auto-login or bypass the password prompt, but only for local TTY (physical monitor and keyboard). It's important that full PAM authentication remains for web GUI and remote access.

Anybody knows the elegant way to achieve this?

 

[_gabriel]

as Proxmox VE is a standard Linux Debian, you can search for Linux, and find like this
https://superuser.com/a/970013

 

[shalak]

as Proxmox VE is a standard Linux Debian, you can search for Linux, and find like this
https://superuser.com/a/970013

Yep, the systemd drop-in unit (followed by systemctl daemon-reload) did the trick:

# cat /etc/systemd/system/getty@.service.d/autologin.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty --noclear --autologin root %I $TERM

The original unit has ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM that replaces 'login' arguments with an option to preserve environment - unfortunately, that doesn't work with autologin, i.e. this is not correct:

ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --autologin root %I $TERM

So I guess, we're loosing the environment preservation when we enable autologin. I wonder why was it set in a first place?

 

[gerardgarcia]

Yep, the systemd drop-in unit (followed by systemctl daemon-reload) did the trick:

# cat /etc/systemd/system/getty@.service.d/autologin.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty --noclear --autologin root %I $TERM

The original unit has ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM that replaces 'login' arguments with an option to preserve environment - unfortunately, that doesn't work with autologin, i.e. this is not correct:

ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --autologin root %I $TERM

So I guess, we're loosing the environment preservation when we enable autologin. I wonder why was it set in a first place?

I Done it and it works, when I start up my proxmox server it says:


pve login: root (automatic login)
Password:

It prompts for the password.

So I wonder if there is a way to auto type the password. I Think its not very secure. But I want to do it.


Because I have under the hook, to run automatically a linux command after this.


And thats the second question:
How can I run a linux command after autologin?


Thanks in advance

 

[gerardgarcia]

I Done it and it works, when I start up my proxmox server it says:


pve login: root (automatic login)
Password:

It prompts for the password.

So I wonder if there is a way to auto type the password. I Think its not very secure. But I want to do it.


Because I have under the hook, to run automatically a linux command after this.


And thats the second question:
How can I run a linux command after autologin?


Thanks in advance

I answer myself.
That I wanted to do its to run a linux program called "cmatrix", its a kinda "Matrix Rain".
So I edited the same

nano /lib/systemd/system/getty@.service

And I replaced:
ExecStart=-/sbin/agetty -autologin root -o '-p -- \\u' --noclear - $TERM


With this:
ExecStart=-/bin/cmatrix


And thats it.


Every time that I restart my proxmox server, it runs the cmatrix command at the Internal Graphics HDMI Port of the mainboard

 

[shalak]

I Done it and it works, when I start up my proxmox server it says:


pve login: root (automatic login)
Password:

It prompts for the password.

Well, if it prompts for the password it does not work You need to create a file that I mentioned above (/etc/systemd/system/getty@.service.d/autologin.conf) with the following content:

[Service]
ExecStart=
ExecStart=-/sbin/agetty --noclear --autologin root %I $TERM

How can I run a linux command after autologin?

You can add commands to the ~/.profile or ~/.bash_profile: check this post for more context

 

[shalak]

And I replaced:
ExecStart=-/sbin/agetty -autologin root -o '-p -- \\u' --noclear - $TERM


With this:
ExecStart=-/bin/cmatrix

Huh, you effectively prevented yourself from local login, not sure if that's what you want to do. If you even lose SSH access, you'll probably need to restart into some single-user mode to fix this.

 

[gerardgarcia]

Huh, you effectively prevented yourself from local login, not sure if that's what you want to do. If you even lose SSH access, you'll probably need to restart into some single-user mode to fix this.

oooo Ok I see, I must reconfigure

 

[gerardgarcia]

Huh, you effectively prevented yourself from local login, not sure if that's what you want to do. If you even lose SSH access, you'll probably need to restart into some single-user mode to fix this.

Yeaaaaah of course.
Thanks so much.

By some weird reason I cant make

/etc/systemd/system/getty@.service.d/autologin.conf

I've done:

nano /etc/systemd/system/getty@.service.d/autologin.conf

So I decided to edit that file:

/lib/systemd/system/getty@.service

Then I put the lines that you suggested me:

ExecStart=
ExecStart=-/sbin/agetty --noclear --autologin root %I $TERM

So I restarted the server and voila!
It login automatically without prompting password.


So, In order to run my cmatrix
I edited that file:

nano ~/.profile

When I opened that file seems like this:

GNU nano 7.2                                /root/.profile                                         
# ~/.profile: executed by Bourne-compatible login shells.


if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi


mesg n 2> /dev/null || true

I added at the end of file that line:

/bin/cmatrix

And Voila!!!!! It runs without problem everytime that I start the server, or everytime that I run a new shell

 

[shalak]

By some weird reason I cant make

What is this "weird" reason? Maybe you don't have the /etc/systemd/system/getty@.service.d/ directory, you need to create it first.

So I decided to edit that file:

/lib/systemd/system/getty@.service

So you're modifying the main systemd file. It might (and will) be overridden by system upgrade. The "drop-in" files (i.e. files placed in the "*.d" directories) won't.

And Voila!!!!! It runs without problem everytime that I start the server, or everytime that I run a new shell

Yep, if that was the goal, you're done. If you want this to be executed only on local shell, not via SSH, you can do this instead:

if [ -z "$SSH_CONNECTION" ] && [ -z "$SSH_TTY" ]; then
    /bin/cmatrix
fi

 

[gerardgarcia]

What is this "weird" reason? Maybe you don't have the /etc/systemd/system/getty@.service.d/ directory, you need to create it first.


So you're modifying the main systemd file. It might (and will) be overridden by system upgrade. The "drop-in" files (i.e. files placed in the "*.d" directories) won't.




Yep, if that was the goal, you're done. If you want this to be executed only on local shell, not via SSH, you can do this instead:

if [ -z "$SSH_CONNECTION" ] && [ -z "$SSH_TTY" ]; then
    /bin/cmatrix
fi

I said weird, because I know that this file doesn't exist, when I try to save it on nano, its said me that its not possible.
So I tried to do with "touch" in order to make that new file I cant

 

[shalak]

its said me that its not possible

and it doesn't say why is it not possible?

with "touch" in order to make that new file I cant

again - it should tell you why. My bet is that you need to create the directory fist, i.e.: mkdir -p /etc/systemd/system/getty@.service.d

 

[LnxBil]

Why don't you just reconfigure your tty0 device and keep all other as they are? Then you have only cmatrix on the default console and a login prompt on all other consoles.