Cisco Cisco Expressway Maintenance Manual
Using the Root Account
The Expressway provides a root account which can be used to log in to the Expressway operating system. This
account has a username of root (all lower case) and a default password of TANDBERG (all upper case). For security
reasons you must change the password as soon as possible. An alarm is displayed on the web interface and the CLI if
the root account has the default password set.
account has a username of root (all lower case) and a default password of TANDBERG (all upper case). For security
reasons you must change the password as soon as possible. An alarm is displayed on the web interface and the CLI if
the root account has the default password set.
Note:
the root account may allow access to sensitive information and it should not be used in normal operation, and
in particular system configuration should not be conducted using this account. Use the admin account instead.
Changing the Root Account Password
To change the password for the root account:
1.
Log in to the Expressway as root using the existing password. By default you can only do this using a serial
connection or SSH.
connection or SSH.
2.
Type the command passwd.
You will be asked for the new password.
You will be asked for the new password.
3.
Enter the new password and when prompted, retype the password.
4.
Type exit to log out of the root account.
Accessing the Root Account Over SSH
The root account can be accessed over a serial connection or SSH only.
To enable and disable access to the root account using SSH:
1.
Log in to the Expressway as root.
2.
Type one of the following commands:
—
rootaccess --ssh on
to enable access using SSH
—
rootaccess --ssh off
to disable access using SSH
3.
Type exit to log out of the root account.
If you have disabled SSH access while logged in using SSH, your current session will remain active until you log out,
but all future SSH access will be denied.
but all future SSH access will be denied.
Managing SSO tokens
Go to Users > SSO token holders to view the list of users who currently hold SSO tokens. This page can help you
troubleshoot issues related to single sign-on for a particular user.
troubleshoot issues related to single sign-on for a particular user.
You can also use this page to Purge tokens from all holders. This option is probably disruptive for your users so
make sure you need it before you proceed. You may need it, for example, if you know your security is compromised,
or if you are upgrading internal or edge infrastructure.
make sure you need it before you proceed. You may need it, for example, if you know your security is compromised,
or if you are upgrading internal or edge infrastructure.
To manage the tokens of a particular user:
1.
[Optional] Filter by a substring of the username to return a smaller list.
You may need this if there are many usernames in the list, because a long list spans multiple pages of up to
200 usernames each.
200 usernames each.
2.
Click a username to see the detail of the tokens held by that user.
The SSO tokens for user <Username> page appears, listing details of the tokens issued to that user. The
details include the token issuer and expiry.
details include the token issuer and expiry.
182
Cisco Expressway Administrator Guide