Securing VMware NSX for vSphere 6.x CLI User Accounts and Privileged mode

Article ID: 330320

Products

VMware NSX Networking

Issue/Introduction

This article provides information on hardening security access to the Command Line Interface (CLI) of an NSX Virtual Appliance.

Note: This Knowledge Base article is applicable to VMware NSX 6.0 or later deployed with VMware vSphere 5.5.

Resolution

Each NSX virtual appliance comes with a default user account and password.

Note: User account management in the CLI is separate from user account management in the NSX Manager user interface.

User account management in the NSX CLI conforms to these rules:
  • You must manage CLI user accounts separately on each NSX virtual appliance. By default, you use the admin user account to log in to the CLI of each NSX virtual appliance.
  • The Privileged mode password is managed separately from the admin user account password. The default Privileged mode password is the same for each CLI user account.
  • You can create new CLI user accounts. Each account you create has administrator-level access to the CLI.

Warning: Each NSX virtual appliance has a built-in CLI user account (nobody) for system use. Do not delete or modify this account. If this account is deleted or modified, the virtual machine will not work.

Hardening the CLI of an NSX Virtual Appliance

To harden access to the CLI of an NSX virtual appliance, you must change the admin user account and Privileged mode passwords after initial log-in.

Change the admin user account password

To change the admin user account password:

  1. Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
  2. Click the Console tab to open a CLI session.
  3. Log in to the CLI and switch to Privileged mode:

    manager> enable
    password:
    manager#

     
  4. Switch to Configuration mode:

    manager# configure terminal
     
  5. Change the admin account password:

    manager(config)# cli password PASSWORD
     
  6. Save the configuration:

    manager(config)# write memory
    Building Configuration...
    Configuration saved.
    [OK]

     
Change the CLI Privileged Mode Password
 

Note: You can change the Privileged mode password to secure access to the configuration options of the CLI.

To change the Privileged mode password:

  1. Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
  2. Click the Console tab to open a CLI session.
  3. Log in to the CLI and switch to Privileged mode:

    manager> enable
    password:
    manager#

     
  4. Switch to Configuration mode:

    manager# configure terminal

     
  5. Change the Privileged mode password:

    manager(config)# enable password PASSWORD
     
  6. Save the configuration:

    manager(config)# write memory
    Building Configuration...
    Configuration saved.
    [OK]

     
  7. Run the exit command twice to log out of the CLI:

    manager(config)# exit
    manager# exit

     
  8. Log in to the CLI and switch to Privileged mode by using the new password:

    manager> enable
    password:
    manager#

Add a CLI User Account

You can add CLI user accounts for each NSX virtual appliance.

To add a CLI user account:

  1. Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
  2. Click the Console tab to open a CLI session.
  3. Log in by using the admin account:

    manager login: admin
    password:
    manager>

     
  4. Switch to Privileged mode:

    manager> enable
    password:
    manager#

     
  5. Switch to Configuration mode:

    manager# configure terminal
     
  6. Add a user account:

    manager(config)# user abc password plaintext PASSWORD

  7. Save the configuration:

    manager(config)# write memory
    Building Configuration...
    Configuration saved.
    [OK]

  8. Exit the CLI:

    manager(config)# exit
    manager# exit

Delete the admin User Account from the CLI

Note: Do not delete the admin user account until you add a user account to replace the admin account. This prevents you from being locked out of the CLI.

To delete the admin user account:

  1. Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
  2. Click the Console tab to open a CLI session.
  3. Log in by using a user account other than admin.
  4. Switch to Privileged mode:

    manager> enable
    password:
    manager#

     
  5. Switch to Configuration mode:

    manager# configure terminal

  6. Delete the admin user account:

    manager(config)# no user admin

  7. Save the configuration:

    manager(config)# write memory
    Building Configuration...
    Configuration saved.
    [OK]

  8. Run the exit command twice to log out of the CLI:

    manager(config)# exit
    manager# exit


For more information, see Create a User with Web Interface Access Using CLI.
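
The rules in this article (add a replacement account before deleting admin, never touch nobody, change both passwords, finish with write memory) can be checked against a planned command list before it is typed at the console. The following Python check is an added example, not VMware code; `lint_plan` and the sample plans are hypothetical, and it assumes only the Configuration-mode command forms shown in this article.

```python
# Accounts the article says exist on every appliance before any change.
BUILTIN = {"admin", "nobody"}

def lint_plan(commands, existing=BUILTIN):
    """Return findings for a planned Configuration-mode command list.

    An empty list means the plan follows the article's rules.
    """
    users, findings = set(existing), []
    changed = {"cli": False, "enable": False}
    unsaved = False
    for n, line in enumerate(commands, 1):
        tok = line.split()
        if not tok:
            continue
        if len(tok) == 3 and tok[0] in changed and tok[1] == "password":
            changed[tok[0]] = True          # cli password / enable password
            unsaved = True
        elif len(tok) == 5 and tok[0] == "user" and tok[2:4] == ["password", "plaintext"]:
            if tok[1] == "nobody":
                findings.append(f"line {n}: modifies system account 'nobody'")
            else:
                users.add(tok[1])
            unsaved = True
        elif len(tok) == 3 and tok[:2] == ["no", "user"]:
            if tok[2] == "nobody":
                findings.append(f"line {n}: deletes system account 'nobody'")
            else:
                if not users - {tok[2], "nobody"}:
                    findings.append(f"line {n}: deleting '{tok[2]}' leaves no login account")
                users.discard(tok[2])
            unsaved = True
        elif tok == ["write", "memory"]:
            unsaved = False
        else:
            findings.append(f"line {n}: not a command form from the article: {line!r}")
    if "admin" in users and not changed["cli"]:
        findings.append("admin password never changed (cli password)")
    if not changed["enable"]:
        findings.append("Privileged mode password never changed (enable password)")
    if unsaved:
        findings.append("plan ends without 'write memory'")
    return findings

# Constructed sample plans using the article's PASSWORD placeholder.
GOOD = ["cli password PASSWORD", "enable password PASSWORD",
        "user abc password plaintext PASSWORD", "no user admin", "write memory"]
BAD = ["no user admin", "user abc password plaintext PASSWORD"]
```

Because CLI accounts are managed separately on each NSX virtual appliance, run the check once per appliance plan.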


