Guardium CLI password reset
If you lose the cli or guardcli1 - guardcli9
passwords and cannot log in, follow this procedure to reset the passwords.
Symptoms
You lost the Guardium the cli or guardcli1 - guardcli9 passwords or otherwise cannot log in to the command line interface and need to reset the passwords.
Environment
This condition and its resolution apply to Guardium collectors, aggregators, and central managers as well as to standalone systems.
Resolving the problem
Use the following procedure to reset CLI account passwords:- Open a Guardium VM console and log in as the rescue user. You must use the Guardium console: remote SSH access is not allowed for the rescue account.
- Upon logging in, the console displays a single-use passkey. Record this passkey.
- Contact IBM support and provide the rescue user passkey. IBM will decode the passkey and return a single-use password for the rescue user.
- Log in as the rescue user using the decoded password provided by IBM.
- Reset CLI account passwords using the following command (where
<username>
is cli or guardcli1 - guardcli9):reset password cli_user <username>
Note:
- The rescue user passkey is immediately reset after a successful log in. However, if the console times out before the rescue passkey is decoded and used, simply log in again as the rescue user and the same passkey is displayed.
- The rescue user can also retrieve passkeys or reset passwords for the
root and cloudsupport users using commands equivalent to a standard CLI
account:
Rescue command CLI command show passkey root support show passkey root show passkey cloudsupport support show passkey cloudsupport reset password root support reset-password root reset password cloudsupport support reset-password cloudsupport reset password cli_user n/a