Recover or Reset the Admin Account Password

The 'recover' account is a limited-purpose account that has the permanent (or fixed) password "PASSWORD". The 'recover' account's only purposes are:

to reset the password of the 'admin' user, if the 'admin' password is lost/forgotten, or

to reset the entire SafeNet Luna Network HSM appliance to blank condition (all passwords are reset, any contents [including any certificates] are erased and any partitions are removed).

As a security measure, 'recover' can log in only via the local serial connection. The 'admin' user's account password can be changed remotely by anyone who already knows it, but the 'admin' user's password cannot be arbitrarily reset unless the person doing so has physical access to the appliance to make the serial connection.

The recover account does not have the following:

Lockout

Password expiry

Public key authentication (you cannot access 'recover' via SSH anyway)

SSH access

Changeable password

CAUTION:  The exception to the "physical access to the appliance" statement is where you have your appliances connected to a "terminal server" that aggregates serial links and makes them accessible via telnet or similar. We do that in a test lab, where access control is not critical, and it can be very convenient when we are constantly setting up and tearing down appliances and HSM hosts for various test and verification scenarios. However, connection of your SafeNet appliances to a remotely accessible terminal server could expose an additional avenue of attack, and therefore we suggest that you always avoid allowing such a potential security opening in a production environment.

What to do if you ever forget or lose the admin password

1. Have the blue SO PED key available, and the Luna PED connected, powered on, and in Local PED-USB mode (see Changing Modes), for PED-authenticated HSMs, or have the HSM password available for password-authenticated HSMs.

2. Connect a serial terminal to the serial console connector on the SafeNet Luna Network HSM rear panel.

3. Log in as "recover".

myluna login: recover 
Password: 
Last login: Wed Apr 13 10:21:37 on ttyS0 
WARNING !! The recover function will stop the network interface, disable SSH
service, reset the admin password to the default and then
force you to change admin password from default before restarting the
network interface and SSH service. Network interface and SSH service
will be re-enabled and restarted only if the recover process is successful. 
If you are sure you wish to continue, type ‘proceed’, otherwise hit ENTER to abort. 
proceed 
Proceeding ... 
HSM is zeroized. Will proceed to recover admin password. 
Stopping sshd:[ OK ] 
Shutting down interface eth0: [ OK ] 
Shutting down loopback interface: [ OK ]  
Changing password for user admin. 
You can now choose the new password. 
A valid password should be a mix of upper and lower case letters, 
digits, and other characters. You can use an 8 character long 
password with characters from at least 3 of these 4 classes. 
An upper case letter that begins the password and a digit that 
ends it do not count towards the number of character classes used. 
Enter new password: 
Re-type new password: 
passwd: all authentication tokens updated successfully. 
Bringing up lookback interface: [ OK ] 
Bringing up interface eth0: 
Determining IP information for eth0… failed. 
[FAILED] 
Bringing up interface eth1: 
Determining IP information for eth1.. failed; no link present. Check cable? 
[FAILED] 
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release 
[ OK ] 
Successfully performed admin password recovery. Exiting …

Note:  If you have already initialized the HSM, then you are prompted for the appropriate blue PED key. If you have not initialized the HSM prior to resetting the admin password, then the default HSM SO authentication is used, from the Luna PED, and no PED key is required.

4. Log in as 'admin'. You are prompted to change the 'admin' password.

5. Change the 'admin' password.

If you believe that your SafeNet Luna HSM server has not been compromised, you can resume using it as before (taking care to both remember and secure the 'admin' password).
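The recover dialog above states the rule the new 'admin' password must satisfy: at least 8 characters from at least 3 of the 4 character classes (upper case, lower case, digits, other), with the twist that an upper-case letter at the start and a digit at the end do not count toward the classes used. The following Python pre-check is an added example, not code from the appliance or this guide; it lets an operator validate a candidate password locally before typing it at the serial console. The class-counting logic is an assumption built only from the wording of the dialog, and the appliance's own check remains authoritative (it may apply further rules).

```python
"""Pre-check a candidate 'admin' password against the policy text printed by
the recover dialog. Added example; the rule as encoded here is an assumption
derived from that text, and the appliance's own check is authoritative."""
from dataclasses import dataclass, field

MIN_LENGTH = 8    # "You can use an 8 character long password ..."
MIN_CLASSES = 3   # "... with characters from at least 3 of these 4 classes."


@dataclass
class PolicyResult:
    ok: bool
    length: int
    classes: set = field(default_factory=set)
    reasons: list = field(default_factory=list)


def count_classes(password: str) -> set:
    """Return the set of character classes that count toward the policy.

    A leading upper-case letter and a trailing digit still count toward the
    length, but are ignored when deciding which classes are present (the
    dialog's stated discount), so 'Admin123' counts only lower + digit.
    """
    body = password
    if body and body[0].isupper():
        body = body[1:]
    if body and body[-1].isdigit():
        body = body[:-1]
    classes = set()
    for ch in body:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")   # punctuation, space, anything else
    return classes


def check_admin_password(password: str) -> PolicyResult:
    """Evaluate one candidate password; reasons list every failed rule."""
    classes = count_classes(password)
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(classes) < MIN_CLASSES:
        reasons.append(
            f"only {len(classes)} of 4 character classes counted "
            f"({', '.join(sorted(classes)) or 'none'})"
        )
    return PolicyResult(ok=not reasons, length=len(password),
                        classes=classes, reasons=reasons)


if __name__ == "__main__":
    # Constructed candidates to show the discount rule in action.
    for candidate in ("Admin123", "Adm!n1x2", "aB3!aB3!", "aB3!aB3"):
        result = check_admin_password(candidate)
        verdict = "OK" if result.ok else "REJECT: " + "; ".join(result.reasons)
        print(f"{candidate!r:12} -> {verdict}")
```

Note that 'Admin123' is rejected even though it visibly contains three classes: once the leading 'A' and trailing '3' are discounted, only lower-case letters and digits remain. Run the pre-check for a candidate before you are at the "Enter new password:" prompt, so the recover process is not left half-finished while you search for an acceptable value.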

Do not Cancel out

See the "Warning" text at the beginning of the recover dialog, above. Use of the Recover account sets the password of the 'admin' account back to the factory value, and then forces a password change. Do not attempt to bypass the password change.

To prevent the admin account being accessible over the network with a known password during the recover procedure, SSH is disabled when the recover process begins. The SSH service is re-enabled only after the password is changed. Interrupting the process and avoiding the password change leaves SSH service off at boot time. If you cancel out partway through the process in order to retain the default password, instead of changing it when prompted, you might find that you no longer have SSH access.

If you encounter this problem, reconnect a local terminal and log into the Recover account again, this time allowing it to complete the full process, ending with a proper, non-default password. If SSH service is still not available, contact Technical Support.
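Because the recover dialog stops sshd first and restarts it only after a successful password change, the captured serial-console transcript is the quickest evidence of whether SSH was left disabled. The following Python check is an added example, not code from the appliance or this guide: it scans a saved transcript for the "Stopping sshd" / "Starting sshd" lines, the final "Successfully performed admin password recovery" line, and any interface that failed to come up, then reports whether the procedure ran to completion. The sample transcripts are constructed from the dialog shown earlier on this page, and the line patterns matched are assumptions based on that dialog.

```python
"""Review a captured recover-console transcript: did the process complete
(and therefore re-enable sshd), and which interfaces failed to come up?
Added example; line patterns are assumptions taken from the dialog shown in
this guide."""
import re

SUCCESS_LINE = "Successfully performed admin password recovery"
SSHD_STOP = re.compile(r"Stopping sshd")
SSHD_START = re.compile(r"Starting sshd")
# "Determining IP information for eth0... failed." / "for eth1.. failed; no link"
IFACE_FAIL = re.compile(r"Determining IP information for (\w+)\W.*failed")


def review_recover_transcript(text: str) -> dict:
    """Return a summary dict; 'verdict' is the operator-facing conclusion."""
    lines = text.splitlines()
    completed = any(SUCCESS_LINE in line for line in lines)
    sshd_stopped = any(SSHD_STOP.search(line) for line in lines)
    sshd_restarted = any(SSHD_START.search(line) for line in lines)
    failed_ifaces = []
    for line in lines:
        m = IFACE_FAIL.search(line)
        if m:
            failed_ifaces.append(m.group(1))

    if completed and sshd_restarted:
        verdict = "recovery completed; sshd restarted"
        if failed_ifaces:
            verdict += (" but interface(s) " + ", ".join(failed_ifaces)
                        + " failed to come up: check cabling/IP config before "
                          "expecting SSH access")
    elif sshd_stopped and not sshd_restarted:
        verdict = ("recovery did not complete: sshd was stopped and not "
                   "restarted, so SSH is off (including at boot); log in as "
                   "recover again on the serial console and finish the "
                   "password change")
    else:
        verdict = "transcript does not show a recover run"
    return {
        "completed": completed,
        "sshd_restarted": sshd_restarted,
        "failed_interfaces": failed_ifaces,
        "verdict": verdict,
    }


# Constructed sample: a full run, abridged from the dialog in this guide.
SAMPLE_COMPLETE = """\
Proceeding ...
HSM is zeroized. Will proceed to recover admin password.
Stopping sshd:[ OK ]
Shutting down interface eth0: [ OK ]
Changing password for user admin.
Enter new password:
Re-type new password:
passwd: all authentication tokens updated successfully.
Bringing up interface eth0:
Determining IP information for eth0... failed.
[FAILED]
Bringing up interface eth1:
Determining IP information for eth1.. failed; no link present. Check cable?
[FAILED]
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
[ OK ]
Successfully performed admin password recovery. Exiting ...
"""

# Constructed sample: the operator cancelled at the password prompt.
SAMPLE_INTERRUPTED = """\
Proceeding ...
Stopping sshd:[ OK ]
Shutting down interface eth0: [ OK ]
Changing password for user admin.
Enter new password:
^C
"""

if __name__ == "__main__":
    for name, sample in (("complete", SAMPLE_COMPLETE),
                         ("interrupted", SAMPLE_INTERRUPTED)):
        print(name, "->", review_recover_transcript(sample)["verdict"])
```

The interrupted sample is exactly the situation described above: sshd was stopped and never restarted, so the only remedy is to repeat the procedure on the serial console and let it finish. The completed sample also shows why a successful recovery can still leave the appliance unreachable: both interfaces failed to obtain IP information, which is a network problem to resolve separately from the password change.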

CAUTION:  During recovery, the network service is stopped and other services are affected. The minimum-effort resumption would be to reboot the system, which causes all services to restart with current configuration. However, for safety, you should consider manually restarting services from the local (serial) console, until all passwords have been changed from their default values.