VMware
 

Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

Securing vShield Zones CLI user accounts and the Privileged mode

Details

The CLI admin account and password are separate from the vShield Manager user interface admin account and password. You should create a new CLI user account and remove the admin account to secure access to the CLI.
 
Also, you should change the Privileged mode password for each vShield Zones virtual appliance. The CLI admin account password and the Privileged mode password are managed separately. The Privileged mode password is the same for each CLI user account.
 
IMPORTANT: Each vShield Zones virtual appliance has two built-in CLI user accounts for system use: nobody and vs_comm. Do not delete or modify these accounts. If these accounts are deleted or modified on a vShield Zones virtual appliance, the virtual appliance will not work.

Solution

User account management in the vShield Zones CLI conforms to the following rules:
  • You can create CLI user accounts. Each created user account has administrator-level access to the CLI.
  • You cannot change the password for any CLI user account. If you need to change a CLI user account password, you must delete the user account, and then re-add it with a new password.

You can change the Privileged mode password at any time.

To secure CLI access to each vShield Zones virtual appliance, you should add a user account with a secure password and delete the admin account on each vShield Zones virtual appliance.
  1. Log in to the vSphere Client
  2. Select a vShield Zones virtual appliance from the inventory.
  3. Click the Console tab to open a CLI session.
  4. Log in by using the admin account.

    manager login: admi n
    password:

  5. Enable Privileged mode.

    manager> enable
    password:

  6. Enable Configuration mode.

    manager# configure terminal

  7. Add a new user account. The following command creates the user account root with the password abcd1234.

    manager(config)# user root password plaintext abcd1234

  8. Save the configuration.
    manager(config)# write memory
    Building Configuration...
    Configuration saved.
    [OK]
  9. Run the exit command twice to log out of the CLI.
    manager(config)# exit
    manager# exit
  10. Log in to the CLI by using the root user account.
  11. Enable Privileged mode.
  12. Enable Configuration mode.
  13. Delete the admin user account.

    manager(config)# no user admin

  14. Save the configuration.
  15. Run the exit command twice to log out of the CLI.
To change the Privileged mode password:
  1. Log in to the vSphere Client.
  2. Select a vShield Zones virtual appliance from the inventory.
  3. Click the Console tab to open a CLI session.
  4. Log in to the CLI.
  5. Enable Privileged mode.
  6. Enable Configuration mode.
  7. Change the Privileged mode password. The following command changes the password to abcd1234.

    manager(config)# enable password plaintext abcd1234

  8. Save the configuration.
  9. Run the exit command twice to log out of the CLI.
  10. Log in to the CLI.
  11. Enable Privileged mode by using the new password.

Feedback

Rate this article:
(0 Ratings)

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
Email address (optional)
Submit
Rate this article:
(0 Ratings)
Actions
  • KB Article: 1012479
  • Updated: Aug 14, 2009
  • Products:
    VMware vShield Zones
  • Product Versions:
    VMware vShield Zones 1.0.x