The root user (ssgconfig) account for the CA API Gateway is used to provide complete administrative access to the host operating system (OS) of the CA API Gateway appliance. As such, access to this account should be limited and regulated, and the password maintained securely outside of the CA API Gateway appliance. This article is targeted for the most current version of the CA API Gateway. The process may differ from older revisions of the CA API Gateway appliance.
API Gateway versions 9.x, 10.x, 11.x
This is a Knowledge article describing how to change as well to reset the root account password.
If the root password is known but needs to be changed for administrative purposes then the following process can be executed:
The password will have been changed to the confirmed credentials.
If the password is unknown then it will need to be reset in an emergency maintenance mode that bypasses the standard boot process. This requires direct console access. The process to reset the password is as follows:
The password for the root account will now be set to the value specified in step 12 above. Subsequent authentication attempts will require this new password after the system is restarted.
1. Connect to the CA API Gateway via a serial cable or direct console access
2. Restart the CA API Gateway appliance
3. Access the GRUB by pressing 'e' when the following screen is visible:
CentOS Linux (3.10.0-1062.12.1.el7.x86_64) 7 (Core)
Use the up and down arrow keys to change the selection.
Press ‘e’ to edit the selected item, or ‘c’ for a command prompt
4. Position the cursor at the Kernel Line
The line which starts with : linux16 /vmlinuz-3.10..
with the right arrow key move until the end of this line to replace the following : LANG=en_US.UTF-8
5. Depending on what you see on the screen, replace:
LANG=en_US.UTF-8 audit=1
with:
LANG=en_US.UTF-8 audit=1 init=/bin/bash
--OR--
Replace:
LANG=en_US.UTF-8 rhgb quiet console=tty0 console=ttyS0,9600n8 audit=1
with:
LANG=en_US.UTF-8 audit=1 init=/bin/bash
6. Press Ctrl-x to Start and save the changes , it will be showed a “bash-4.2#” prompt to continue the procedure
7. Mount the root file system with the following command: mount -o remount,rw /
8. Change the root user password with the following command and follow the prompts: passwd
9. Re-mount the root file system with the following command: mount -o remount,ro /
10. Save the changes and restart the appliance: sync;
11. type exit and the server will start to reboot in 10 seconds
The password for the root account will now be set to the value specified in step 8 above. Subsequent authentication attempts will require this new password after the system is restarted.
1. Connect to the CA API Gateway via a serial cable or direct console access
2. Restart the CA API Gateway appliance
3. Access the GRUB by pressing 'e' when the following screen is visible:
Debian GNU/Linux with linux 5.10.0-20-amd64
Use the up and down arrow keys to change the selection.
Press ‘e’ to edit the selected item, or ‘c’ for a command prompt
4. Position the cursor at the Kernel Line
The line which starts with : linux /vmlinuz-5.10..
with the right arrow key move until the end of this line:
5. Depending on what you see on the screen, replace:
/vmlinuz-5.10.0-20-amd64 root=dev/mapper/vg01-lvroot ro quiet
with:
/vmlinuz-5.10.0-20-amd64 root=dev/mapper/vg01-lvroot ro quiet init=/bin/bash
6. Press Ctrl-x to Start and save the changes , it will be showed a “bash-4.2#” prompt to continue the procedure
7. Mount the root file system with the following command: mount -o remount,rw /
8. Change the root user password with the following command and follow the prompts: passwd
9. Re-mount the root file system with the following command: mount -o remount,ro /
10. Save the changes and restart the appliance: reboot -f
The password for the root account will now be set to the value specified in step 8 above. Subsequent authentication attempts will require this new password after the system is restarted.
If the root password is unknown and the account is locked due to too many failed authentication attempts then the following error message may appear: Account locked due to 5 failed logins. If this error occurs then the root account will need to be unlocked. By default, the root account will unlock after 20 minutes of inactivity. The simplest method of unlocking the root account is to not attempt to access it for a period of 20 minutes.
If it is necessary to immediately unlock the root account then the following procedure can be executed:
The root user will be immediately available as long as a valid root user password is provided.
The CA API Gateway product documentation has additional troubleshooting steps for other default user accounts such as ssgconfig and the MySQL root user account (which is different from the OS-level root user account).