Recovering the Admin Account Password

The recover account is a limited-purpose account that has the permanent (fixed) password "PASSWORD". The recover account's only purposes are:

> to reset the password of the admin user, if the admin password is lost/forgotten, or

> to reset the entire SafeNet Luna Network HSM appliance to blank condition (all passwords are reset, contents and certificates are erased, and partitions are removed).

As a security measure, recover can log in via the local serial connection only. The admin user's account password can be changed remotely by anyone who already knows it, but the admin user's password cannot be arbitrarily reset unless the person doing so has physical access to the appliance, to make the serial connection.

CAUTION!   The exception to this rule is where you have your appliances connected to a "terminal server" that aggregates serial links and makes them accessible via telnet or similar. This configuration is useful in a test lab, where access control is not critical, and it can be very convenient when setting up and tearing down appliances for various test and verification scenarios. However, connection of your SafeNet appliances to a remotely accessible terminal server could expose an additional avenue of attack, and therefore Thales recommends that you avoid allowing this potential security opening in a production environment.

The recover account cannot be locked out, and its default password does not expire.

To reset the admin account password

1. Connect a serial terminal to the serial console connector on the SafeNet Luna Network HSM rear panel.

2. Log in to LunaSH as recover, using the fixed password "PASSWORD".

NOTE   If the HSM is initialized, you are required to present the HSM Security Officer (SO) credential. Therefore, only the SO can perform this operation. If you have not initialized the HSM prior to resetting the admin password, then no credential is required.

You are prompted to set a new admin password (see Do Not Cancel Out).

myLuna login: recover
Password:
Last login: Fri May  4 15:42:31 on ttyS0
 
WARNING !!  The recover function will stop the network interface, disable SSH
            service, reset the admin password to the default and then
            force you to change admin password from default before restarting the
            network interface and SSH service.  Network interface and SSH service
            will be re-enabled and restarted only if the recover process is successful.
 
If you are sure you wish to continue, type 'proceed', otherwise hit ENTER to abort.
 
proceed
Proceeding ...
 
  Please enter the HSM Administrators' password:
  > ********
 
'hsm login' successful.
 
 
Stopping sshd:                                             [  OK  ]
 
Changing password for user admin.
 
You can now choose the new password.
 
The password must be at least 8 characters long.
The password must contain characters from at least 3 of the following 4 categories:
    - Uppercase letters (A through Z)
    - Lowercase letters (a through z)
    - Numbers (0 through 9)
    - Non-alphanumeric characters (such as !, $, #, %)
 
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
 
Starting sshd:                                             [  OK  ]
 
Successfully performed admin password recovery. Exiting...

If you believe that your SafeNet Luna Network HSM has not been compromised, you can resume using it as before (taking care to both remember and secure the admin password).

Do Not Cancel Out

See the "Warning" text at the beginning of the recover dialog above. Use of the recover account sets the password of the admin account back to the factory value, and then forces a password change. Do not attempt to bypass the password change.

To prevent the admin account being accessible over the network with a known password during the recover procedure, SSH is disabled when the recover process begins. The SSH service is re-enabled only after the password is changed. Interrupting the process and avoiding the password change leaves SSH service off at boot time. If you cancel out partway through the process in order to retain the default password, instead of changing it when prompted, you might find that you no longer have SSH access.

If you encounter this problem, reconnect a local terminal and log in to the recover account again, this time allowing it to complete the full process, ending with a proper, non-default password. If SSH service is still not available, contact Technical Support.
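The password rules printed in the recover dialog can be checked ahead of time, so that the forced password change is completed on the first attempt rather than abandoned partway. The following is an added example, not Thales code and not part of LunaSH; the function names, the treatment of every character outside A-Z, a-z and 0-9 as non-alphanumeric, and the printable-ASCII precaution are assumptions of the example.

```python
import getpass
import string

MIN_LENGTH = 8            # "at least 8 characters long" (from the recover dialog)
REQUIRED_CATEGORIES = 3   # "at least 3 of the following 4 categories"
ALL_CATEGORIES = ("uppercase", "lowercase", "digit", "non-alphanumeric")


def password_categories(candidate):
    """Return the set of dialog categories that appear in candidate."""
    found = set()
    for ch in candidate:
        if ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.digits:
            found.add("digit")
        else:
            # Assumption: everything else counts as non-alphanumeric.
            found.add("non-alphanumeric")
    return found


def check_admin_password(candidate):
    """Return a list of problems; an empty list means the displayed rules are met."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    found = password_categories(candidate)
    if len(found) < REQUIRED_CATEGORIES:
        unused = [c for c in ALL_CATEGORIES if c not in found]
        problems.append(
            f"only {len(found)} of 4 categories used (unused: {', '.join(unused)})"
        )
    # Precaution added by this example, not an appliance rule: keep to printable
    # ASCII so the password types identically on a serial terminal and over SSH.
    if any(not (0x20 <= ord(ch) <= 0x7E) for ch in candidate):
        problems.append("contains characters outside printable ASCII")
    return problems


if __name__ == "__main__":
    # getpass keeps the candidate off the screen and out of shell history.
    issues = check_admin_password(getpass.getpass("Candidate admin password: "))
    print("meets the displayed rules" if not issues else "\n".join(issues))
```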

CAUTION!   During recovery, the network service is stopped and other services are affected. The minimum-effort resumption would be to reboot the system, which causes all services to restart with current configuration. However, for safety, you should consider manually restarting services from the local (serial) console, until all passwords have been changed from their default values.