8 Replies Latest reply on Apr 22, 2019 5:28 AM by sk84

    Change NSX Controller Root password

    TarunGuptaAccenture Novice

      Hi Team,

      We are using NSX version 6.3.2. Root login is not working on the NSX Controller. It does not even ask for a password in the console.

      When I SSH to the controller, I am trying root/Vmware but am not able to log in.

       

      1. I am able to log in as the admin user. How can I reset the root password?

      2. Where does it ask for the root password at the time of NSX Controller deployment?

        • 1. Re: Change NSX Controller Root password
          lmoglie Enthusiast
          vExpert

          Hi,

          During the deployment of the first controller the system asks you to enter the password only once. If you forget the password of the controllers, you can change it by following the link "Change Controller Password".

           

          If you need to reset the password of the NSX Manager, that is another story; just let me know and I will show you.

           

          Regards

          LM

          • 2. Re: Change NSX Controller Root password
            lmoglie Enthusiast
            vExpert

            Hi,

            I forgot to say that only "admin" is available to standard users; remember that it is a busy box.

            Regards

            LM

            • 3. Re: Change NSX Controller Root password
              TarunGuptaAccenture Novice

              Hi lmoglie,

              Thanks for the reply, but that password is the cluster controller password, which is the admin user password. It is not the root password.

               

              I want to log in as root so that I can see the file system and run other commands. Correct me if I am wrong.

               

              Tarun Gupta

              • 4. Re: Change NSX Controller Root password
                sk84 Expert
                vExpert

                By default, only the admin user is available for remote logins on all NSX components. VMware does not want you to be able to log in directly as root and access the Linux shell via a remote console. In addition, the root passwords for all NSX components are automatically generated during deployment and stored on the NSX Manager.

                 

                Therefore as a warning:
                Accessing the Linux shell as root user and executing commands is not supported by VMware! This is valid for all NSX components.

                 

                If you still want to do it, you must first log on to the NSX Manager as the admin user and switch to Engineering Mode (see VMware Knowledge Base).

                Once you are root there, you can use the following command to display the generated root passwords for the NSX controllers:

                /home/secureall/secureall/sem/WEB-INF/classes/GetNvpApiPassword.sh controller-nn

                (Replace controller-nn with the controller id. For example: controller-12)

                 

                Now you can log on as the "root" user in a local shell of an NSX controller. The root login is disabled for SSH.

                 

                This is the undocumented and unofficial process for NSX 6.4. I am not sure if it is the same for NSX 6.3, because in an earlier version you had to use the command "debug os-shell" in the enable mode of an NSX controller to switch to root.

                • 5. Re: Change NSX Controller Root password
                  TarunGuptaAccenture Novice

                  Hi sk84,

                  Thanks a lot, buddy. Please help me with the below:

                   

                  root@annwprenx001 ~]# /home/secureall/secureall/sem/WEB-INF/classes/GetNvpApiPassword.sh controller-8

                  - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@19b1ebe5: startup date [Thu Apr 18 18:08:55 BST 2019]; root of context hierarchy

                  - Loading XML bean definitions from file [/home/secureall/secureall/sem/WEB-INF/spring/get-nvpapi-password-config.xml]

                  - Loading XML bean definitions from file [/home/secureall/secureall/sem/WEB-INF/spring/db-config.xml]

                  - Loading properties file from file [/home/secureall/secureall/sem/WEB-INF/spring/vsmConfig.properties]

                  - Loading properties file from file [/home/secureall/secureall/sem/WEB-INF/spring/jdbc.properties]

                  - JSR-330 'javax.inject.Inject' annotation found and supported for autowiring

                  - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@7a13f4c: defining beans [dataSource,org.springframework.context.support.PropertySourcesPlaceholderConfigurer#0,configProperties,org.springframework.context.support.PropertySourcesPlaceholderConfigurer#1,AESEncryptDecrypt,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,getNVPAPIPasswordUtil,org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor]; root of factory hierarchy

                  cnIXYkP/yKgc/zTyP8f/

                   

                  1. Is this the root password "cnIXYkP/yKgc/zTyP8f/"?

                  2. If yes, I am not able to log in via SSH as root. I am logged in as admin and running the "debug os-shell" command but getting "invalid command". How can I resolve this? I tried from the VM console as well.

                   

                  nsx-controller # debug os-shell

                                   ^^^^^

                  ERROR:  Invalid command or argument.

                   

                   

                  Also, I need your help on the other discussion I raised on how to get the "admin password of NSX Edges". I know I can get the root password from the NSX Manager:

                  -> /home/secureall/secureall/sem/WEB-INF/classes/GetSpockEdgePassword.sh

                  But I want to get the admin password. Changing the CLI credentials from the GUI times out. Please go through that discussion for me as well.

                  Get and Change NSX Edges admin Password via API

                   

                  Waiting for your reply,

                   

                  Tarun Gupta

                  • 6. Re: Change NSX Controller Root password
                    sk84 Expert
                    vExpert

                    Is this the root password "cnIXYkP/yKgc/zTyP8f/"?

                    Yes.

                     

                    If yes, I am not able to log in via SSH as root.

                    As mentioned before, you cannot log in as root via SSH. This is forbidden in sshd_config. Open a local console (because of the special characters I would recommend the VMRC) and log in as root there. Not via SSH.

                     

                    //EDIT:

                    I've checked my documentation. There is also another way, which should work in 6.3 and 6.4.

                     

                    - Get the root password of the controller as mentioned before

                    - Log in as the admin user via SSH

                    - Enter the following command:

                    : debug os-shell

                    (Please note there is a colon and a space before "debug".)

                     

                    - Enter the controller root password there

                    • 7. Re: Change NSX Controller Root password
                      TarunGuptaAccenture Novice

                      Many, many, many thanks sk84. I was able to log in via : debug os-shell.

                       

                      Just one last question: the documentation you were referring to, can I get that? Is it a public document?

                       

                      Tarun Gupta

                      • 8. Re: Change NSX Controller Root password
                        sk84 Expert
                        vExpert

                        Just one last question: the documentation you were referring to, can I get that? Is it a public document?

                        It's just my own personal documentation. VMware doesn't want us to work as root on the NSX components. It's not supported by VMware and therefore there is no official documentation. The only exception is a KB article explaining how to get into Engineering Mode on the NSX Manager. But this KB article also mentions that executing commands as root is not supported.

                         

                        So, the only thing you will find is a few blog posts about it.