Hi everyone,
I have some Mikrotik rb911 openwrt routers (24.10), I found these entries on logs of all of them:
Sat Feb 15 02:36:37 2025 auth.info login[4493]: root login on 'ttyS0'
Sun Feb 16 13:43:18 2025 auth.info login[4563]: root login on 'ttyS0'
but serial console port is PHYSICALLY disconnected (connector not soldered), so how can this be possible?
Thanks
Sergio
I found this line on /usr/libexec/login.sh executed in inittab:
[ "$(uci -q get system.@system[0].ttylogin)" = 1 ] || exec /bin/login -f root
So I am going try to do uci set system.@system[0].ttylogin=1 and see if is working
As you found out, this is not a login performed by a person. By default the serial console is being logged in as root, whether or not someone is actually connected to it. Setting the ttylogin system option to 1 disables this if you believe this to be a security risk.