1 Reply Latest reply on May 3, 2020 3:10 PM by RaymundoEC

    NSX-T 2.5 Edge - root pw not set permanently after passwd reset

    Czernobog Hot Shot

      I need to do a password reset on a few NSX-T Edge Appliances. The Appliances were upgraded in the past from older 2.x versions.

      I've used the standard reset procedure from the documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.5/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html

      Resetting the Passwords of an Appliance

       

      This does not seems to work correctly.

      I'Ve reset both the root and admin account passwords.

      I've logged in using admin and activated ssh. Then I've logged in again using admin and reset the password expiry for all acounts.

      Logging in with root via ssh, using the newly set password, fails!

      I redid the procedure for the root password only, after the reboot I still cannot log in with root using ssh, however I can using the VMRC (console).

      While logged in via console, I did a passwd & sync, but this did not allow me to log in with ssh.

       

      Note: what prompted me to do the change was, that in the upgrade process to 3.0 a few applainces had their /var/log folder run full. After resetting the root pw and logging in with root via console, I've cleared most of the folder and rebooted the appliance. This did not help with the login issue.

       

      edit:

      Solved! My dumb ass forgot to allow root to ssh login in the sshd config. I forgot this was not set in some of the older applainces.

        • 1. Re: NSX-T 2.5 Edge - root pw not set permanently after passwd reset
          RaymundoEC Hot Shot
          vExpertVMware Employees

          I had a similar problem a long timer ago, I use this info from a GitHub issue on PKS combined with vmware docs:

           

          1. Login to nsxt manager prompt with username: admin password: UrPassword!
          2. Enter the command set user admin password TempPasswd1! you will be prompted to enter the current password - Notice on this - at this time the current password is still UrPassword! as the new password you entered when prompted at login does not permanently apply until you enter this command.
          3. Enter the command exit at the prompt to log out, and log back in again with username: admin password: TempPasswd1!
          4. Enter the command set user admin password UrPassword!, you will be prompted to enter your current password: TempPasswd1!
          5. Enter the command exit at the prompt to log out, and log back in again with username: admin password: UrPassword!
          6. Issue these commands as well set user admin password-expiration 9999 and clear user admin password-expiration  9999

           

          hope this helps!