Each NSX virtual appliance comes with a default user account and password.
Note: User account management in the CLI is separate from user account management in the NSX Manager user interface.
User account management in the NSX CLI conforms to these rules:
- You must manage CLI user accounts separately on each NSX virtual appliance. By default, you use the admin user account to log in to the CLI of each NSX virtual appliance.
- The Privileged mode password is managed separately from the admin user account password. The default Privileged mode password is the same for each CLI user account.
- You can create new CLI user accounts. Each account that you create has administrator-level access to the CLI.
Warning: Each NSX virtual appliance has a built-in CLI user account (nobody) for system use. Do not delete or modify this account. If this account is deleted or modified, the virtual machine will not work.
Hardening the CLI of an NSX Virtual Appliance
To harden access to the CLI of an NSX virtual appliance, you must change the admin user account and Privileged mode passwords after the initial login.
Change the admin user account password
To change the admin user account password:
- Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
- Click the Console tab to open a CLI session.
- Log in to the CLI and switch to Privileged mode:
manager> enable
password:
manager#
- Switch to Configuration mode:
manager# configure terminal
- Change the admin account password:
manager(config)# cli password PASSWORD
- Save the configuration:
manager(config)# write memory
Building Configuration...
Configuration saved.
[OK]
Change the CLI Privileged Mode Password
Note: You can change the Privileged mode password to secure access to the configuration options of the CLI.
To change the Privileged mode password:
- Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
- Click the Console tab to open a CLI session.
- Log in to the CLI and switch to Privileged mode:
manager> enable
password:
manager#
- Switch to Configuration mode:
manager# configure terminal
- Change the Privileged mode password:
manager(config)# enable password PASSWORD
- Save the configuration:
manager(config)# write memory
Building Configuration...
Configuration saved.
[OK]
- Run the exit command twice to log out of the CLI:
manager(config)# exit
manager# exit
- Log in to the CLI and switch to Privileged mode by using the new password:
manager> enable
password:
manager#
Add a CLI User Account
You can add CLI user accounts for each NSX virtual appliance.
To add a CLI user account:
- Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
- Click the Console tab to open a CLI session.
- Log in by using the admin account:
manager login: admin
password:
manager>
- Switch to Privileged mode:
manager> enable
password:
manager#
- Switch to Configuration mode:
manager# configure terminal
- Add a user account:
manager(config)# user abc password plaintext PASSWORD
- Save the configuration:
manager(config)# write memory
Building Configuration...
Configuration saved.
[OK]
- Exit the CLI:
manager(config)# exit
manager# exit
Delete the admin User Account from the CLI
Note: Do not delete the admin user account until you add a user account to replace the admin account. This prevents you from being locked out of the CLI.
To delete the admin user account:
- Log in to the vSphere Client and select an NSX virtual appliance from the inventory.
- Click the Console tab to open a CLI session.
- Log in by using a user account other than admin.
- Switch to Privileged mode:
manager> enable
password:
manager#
- Switch to Configuration mode:
manager# configure terminal
- Delete the admin user account:
manager(config)# no user admin
- Save the configuration:
manager(config)# write memory
Building Configuration...
Configuration saved.
[OK]
- Run the exit command twice to log out of the CLI:
manager(config)# exit
manager# exit
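The ordering rules above (add a replacement account before deleting admin, never touch nobody, save before exiting) can be checked against a planned or captured session before it is run on an appliance. The following is an added example, not VMware code: the lint_session function and its existing_users default are assumptions, and the transcripts are constructed from the commands shown on this page.

```python
SYSTEM_ACCOUNT = "nobody"  # built-in account the page says must not be touched


def lint_session(transcript, existing_users=("admin",)):
    """Return (line_number, message) findings; existing_users is an assumption."""
    findings, users, unsaved = [], set(existing_users), False
    for n, raw in enumerate(transcript.splitlines(), 1):
        # Only Configuration-mode commands change accounts or passwords.
        _, in_config, rest = raw.strip().partition("(config)# ")
        cmd = rest.split()
        if not in_config or not cmd:
            continue
        if cmd[:2] == ["write", "memory"]:
            unsaved = False
        elif cmd[0] == "exit" and unsaved:
            findings.append((n, "exit before 'write memory'"))
        elif cmd[0] == "user" and len(cmd) >= 2:
            if cmd[1] == SYSTEM_ACCOUNT:
                findings.append((n, "modifies built-in account 'nobody'"))
            else:
                users.add(cmd[1])
            unsaved = True
        elif cmd[:2] == ["no", "user"] and len(cmd) == 3:
            if cmd[2] == SYSTEM_ACCOUNT:
                findings.append((n, "deletes built-in account 'nobody'"))
            elif not users - {cmd[2]}:
                # No other login account would remain: lockout risk.
                findings.append((n, f"deleting '{cmd[2]}' leaves no CLI account"))
            users.discard(cmd[2])
            unsaved = True
        elif cmd[:2] in (["cli", "password"], ["enable", "password"]):
            unsaved = True
    return findings


# Constructed transcripts using only the commands shown on this page.
SAFE = """manager(config)# user abc password plaintext PASSWORD
manager(config)# write memory
manager(config)# no user admin
manager(config)# write memory
manager(config)# exit"""

RISKY = """manager(config)# no user admin
manager(config)# no user nobody
manager(config)# exit"""

if __name__ == "__main__":
    for name, text in (("SAFE", SAFE), ("RISKY", RISKY)):
        print(name, lint_session(text))
```
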
For more information, see Create a User with Web Interface Access Using CLI