Web password wizard serial
5/6/2023

SafeNet Network HSM 6.2.2 Product Documentation 007-011136-012 Rev.

public key authentication (you cannot access 'recover' via SSH anyway)

Note: The recover account does not have the following:

If SSH service is still not available, contact Technical Support.

If you encounter the problem, reconnect a local terminal and log into the Recover account again, this time allowing it to complete the full process, ending with a proper, non-default password. If you cancel out partway through the process in order to retain the default password, instead of changing it when prompted, you might find that you no longer have SSH access. Interrupting the process and avoiding the password change leaves SSH service OFF at boot time. The SSH service is re-enabled only after the password is changed. We do this to prevent the appliance 'admin' account from being accessible over the network with a known password.

To prevent the admin account being accessible over the network with a known password during the recover procedure, SSH is disabled when the recover process begins. Use of the Recover account sets the password of the 'admin' account back to the factory value, and then forces a password change.

Do not attempt to bypass the password change. See the "Warning" text at the beginning of the recover dialog, above.

Passwords have been changed from their default values. Manually restarting services from the local (serial) console, until all Resumption would be to reboot the system, which causes all services to Service is stopped and other services are affected. Remember and secure the 'admin' password). If you believe that your SafeNet HSM server has not been compromised, you can resume using it as before (taking care to both You are prompted to change the 'admin' password for the appliance. Is used, from the SafeNet PED, and no PED Key is required.
Prior to resetting the admin password, then the default HSM SO authentication

Note: If you have already initialized the HSM, then you are prompted for the appropriate blue PED Key.

Successfully performed admin password recovery.
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
Passwd: all authentication tokens updated successfully.
Determining IP information for eth0… failed.
Determining IP information for eth1.
Password with characters from at least 3 of these 4 classes.
An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used.
Will proceed to recover admin password.
A valid password should be a mix of upper and lower case letters, digits, and other characters.
If you are sure you wish to continue, type ‘proceed’, otherwise hit ENTER to abort.
Will be re-enabled and restarted only if the recover process is successful.
Service, reset the admin password to the default and then force you to change admin password from default before restarting the
WARNING !! The recover function will stop the network interface, disable SSH

Terminal to the serial console connector on the SafeNet HSM server front

What to do if you ever forget or lose the admin password

available, and the SafeNet PED connected, powered on, and "Awaiting Command.", for PED authenticated (FIPS 140-3) HSMs, or have the HSM password available for password authenticated HSMs.

However, connection of your SafeNet appliances to a remotely accessible terminal server could expose an additional avenue of attack, and therefore we suggest that you always avoid allowing such a potential security opening in a production environment. We do that in a test lab, where access control is not critical, and it can be very convenient when we are constantly setting up and tearing down appliances and HSM hosts for various test and verification scenarios.
The 'admin' user's account password can be changed remotely by anyone who already knows it, but the 'admin' user's password cannot be arbitrarily reset unless the person doing so has physical access to the appliance, to make the serial connection.

CAUTION: The exception to the "physical access to the appliance" statement is where you have your appliances connected to a "terminal server" that aggregates serial links and makes them accessible via telnet or similar.