VMware Networking Community
TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

Change NSX Controller Root password

Hi Team ,

   We are using NSX version 6.3.2 .   Root login is not working on NSX Controller. It does not even ask for Password in Console.

pastedImage_0.png

When i do ssh to controller , i am trying root/Vmware  but not able to login . 

1.  i am able to login as admin user . How can i reset root password.

2. Where does it ask  for root password at the time of NSX Controller deployment ?

1 Solution

Accepted Solutions
sk84
Expert
Expert
Jump to solution

is this the root password " cnIXYkP/yKgc/zTyP8f/ " ?

Yes.

if yes , i am not able to login via ssh as root .

As mentioned before, you cannot log in as root via SSH. This is forbidden in sshd_config. Open a local console (because of the special characters I would recommend the VMRC) and log in as root there. Not via SSH.

//EDIT:

I've checked my documentation. There is also another way, which should work in 6.3 and 6.4.

- Get the root password of the controller as mentioned before

- Login as admin user via SSH

- Enter the following command:

: debug os-shell

(Please note there is a colon and space before "debug").

- Enter the controller root password there

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.

View solution in original post

8 Replies
lmoglie
Enthusiast
Enthusiast
Jump to solution

Hi,

During the deploy of the first controller the system ask to you to insert the password only once.... if you will forgot the password of the controllers you can change the password following link "Change Controller Password​".

If you need to reset the password of the NSX Manager is another story just let me know and I will show you.

Regards

LM

Reply
0 Kudos
lmoglie
Enthusiast
Enthusiast
Jump to solution

Hi,

I forgot to say that only "admin" is available to standard users, remember that is a busy box.

Regards

LM

Reply
0 Kudos
TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

Hi lmoglie​,

  Thanks for reply  but that password is the Cluster controller password  which is admin user password ..it is not root password.

I want to login as root so that i can see the file system and run other commands . Correct me if wrong.

Tarun Gupta

Reply
0 Kudos
sk84
Expert
Expert
Jump to solution

By default, only the admin user is available for remote logins on all NSX components. VMware does not want you to be able to log in directly as root and access the Linux shell via a remote console. In addition, the root passwords for all NSX components are automatically generated during deployment and stored on the NSX Manager.

Therefore as a warning:
Accessing the Linux shell as root user and executing commands is not supported by VMware! This is valid for all NSX components.

If you still want to do it, you must first log on to the NSX Manager as admin user and switch to Engineering Mode (see VMware Knowledge Base ).

Once you are root there, you can use the following command to display the generated root passwords for the NSX controllers:

/home/secureall/secureall/sem/WEB-INF/classes/GetNvpApiPassword.sh controller-nn

(Replace controller-nn with the controller id. For example: controller-12)

Now you can log on as "root" user in a local shell of a nsx controller. The root login is disabled for SSH.

This is the undocumented and unofficial process for NSX 6.4. I am not sure if it is the same for NSX 6.3, because in an earlier version you had to use the command "debug os-shell" in the enable mode of an nsx controller to switch to root.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
Reply
0 Kudos
TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

hi sk84​:

  Thanks a lot buddy .  Please help me below :

root@annwprenx001 ~]# /home/secureall/secureall/sem/WEB-INF/classes/GetNvpApiPassword.sh controller-8

- Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@19b1ebe5: startup date [Thu Apr 18 18:08:55 BST 2019]; root of context hierarchy

- Loading XML bean definitions from file [/home/secureall/secureall/sem/WEB-INF/spring/get-nvpapi-password-config.xml]

- Loading XML bean definitions from file [/home/secureall/secureall/sem/WEB-INF/spring/db-config.xml]

- Loading properties file from file [/home/secureall/secureall/sem/WEB-INF/spring/vsmConfig.properties]

- Loading properties file from file [/home/secureall/secureall/sem/WEB-INF/spring/jdbc.properties]

- JSR-330 'javax.inject.Inject' annotation found and supported for autowiring

- Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@7a13f4c: defining beans [dataSource,org.springframework.context.support.PropertySourcesPlaceholderConfigurer#0,configProperties,org.springframework.context.support.PropertySourcesPlaceholderConfigurer#1,AESEncryptDecrypt,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,getNVPAPIPasswordUtil,org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor]; root of factory hierarchy

cnIXYkP/yKgc/zTyP8f/

1. is this the root password " cnIXYkP/yKgc/zTyP8f/ " ?

2.  if yes , i am not able to login via ssh as root . I am  logged in as admin and running "debug os-shell" command but getting  invalid command.? ..how can i resolve this . Tried from VM console as well .

nsx-controller # debug os-shell

                 ^^^^^

ERROR:  Invalid command or argument.

Also , i need your help on the another Discussion i raised on how to get  "admin password of NSX Edges " , I know i can get root password from NSX Manager

-> /home/secureall/secureall/sem/WEB-INF/classes/GetSpockEdgePassword.sh

But i want to get admin password.  Changing Cli credentials from GUI times out . Please go though that discussion for me as well .

Get and Change NSX Edges admin Password via API

Waiting for your reply,

Tarun Gupta

Reply
0 Kudos
sk84
Expert
Expert
Jump to solution

is this the root password " cnIXYkP/yKgc/zTyP8f/ " ?

Yes.

if yes , i am not able to login via ssh as root .

As mentioned before, you cannot log in as root via SSH. This is forbidden in sshd_config. Open a local console (because of the special characters I would recommend the VMRC) and log in as root there. Not via SSH.

//EDIT:

I've checked my documentation. There is also another way, which should work in 6.3 and 6.4.

- Get the root password of the controller as mentioned before

- Login as admin user via SSH

- Enter the following command:

: debug os-shell

(Please note there is a colon and space before "debug").

- Enter the controller root password there

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

Many Many Many thanks sk84​ . i was able to login via : dubug os-shell.

Just last question  , the documentation you were referring , can i get that ?..is it public document .?

Tarun Gupta

Reply
0 Kudos
sk84
Expert
Expert
Jump to solution

Just last question  , the documentation you were referring , can i get that ?..is it public document .?

It's just my own personal documentation. VMware doesn't want that we work as root on the NSX components. It's not supported by VMware and therefore there is no official documentation. The only exception is a KB article explaining how to get into Engineering Mode on the NSX Manager. But also in this KB article it is mentioned that it is not supported to execute commands as root.

So, the only thing you will find are a few blogposts about it.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
Reply
0 Kudos