cancel
Showing results for 
Search instead for 
Did you mean: 

admin account lost ssh access to appliance

gcgagnon
Level 3

was working on 3.1.2 appliance yesterday and believe accidently locked out account. luckily several of us have admin accounts and can still get in.

when trying to ssh in now get an "access denied". tried to login in directly from the console and that indicates "incorrect login".

I tried to reset, change the password (and unlock) the admin password and it indicated completed successfully. but regardless get the same error messages when trying to log in.

always able to log into the netbackup admin console with the new password just the appliance fails.

I'll be checking the logs the next time I'm in

anyone else see this problem?

1 ACCEPTED SOLUTION

Accepted Solutions

Not sure why the password reset was not working but the account did unlock after 7 days and I was able to get in after that.

View solution in original post

6 REPLIES 6

jnardello
Moderator
Moderator
   VIP    Certified

Since you have other accounts that can still get in (and good on you for that choice!), check the /var/log/secure file. What reason is it giving for denying the account ? The /var/log/messages file may have some hints as to the problem as well (but secure is more likely).

You might also try running "chage -l admin" to see if it's showing an expired account or password.

 

No reason givin for the access denied. Just receive that message when trying to ssh in using putty with the admin account. Nothing was changed with ssh access. Normally that's set up in the sshd_config file at least I'm aware in Linux but not sure about the netbackup appliance. 

I'm not able to get in and check today but will pass on the find when I can

jnardello
Moderator
Moderator
   VIP    Certified

Odd. In that case I'd recommend starting with something simple - reset the admin account password again just to make sure you know it's actually set to what you think it is, maybe even going so far as to type it into notepad first and then paste it out of there; it always sucks to spend hours troubleshooting because of a typo.
In that same vein, "access denied" is an OS security error, not something from the CLISH. Meaning password, account locking, too many retries, etc.

You may also want to try just switching to the admin account from one of your other accounts (# su - admin), just to validate that the account itself is intact (regardless of password). If the switch fails that takes passwords out of the equation.

Yes I always copy into notepad first :)

We tried resetting the PW several times and each time indicates successful. The Netbackup Admin Console does reflect the new password change and able to log in there. So I assume that admin account is the same for both the Netbackup Admin Console GUI and the ssh into the Appliance using the admin account.

The Netbackup Admin console works with the admin account but ssh into the appliance doesn't. That would indicate that the admin account is intact correct? If the admin account is the same for both.

The switching to the admin account from another, I know how/what to do there, but not sure about doing on the appliance we normally do an IPS overide and elevate to get the linux prompt. 

 

sdo
Moderator
Moderator
Partner    VIP    Certified

Another thing to watch out for is the difference between language based keyboards verus ISO keyboards.  e.g.if you have " and/or @ in your password then you may want to try alternating, or, simply as a test avoid using as much punctuation as possible.

Not sure why the password reset was not working but the account did unlock after 7 days and I was able to get in after that.