Changing the default root password in RecoverPoint product family systems
It is a security best practice to change default system passwords to strong and unique values. Similar to other Linux appliances, root is the most privileged user in the RPA/vRPA.
The root level user has access to all commands and files on the RPA/vRPA and should be only given to trusted users in your organization. Remote login for the root account is disabled by default in RecoverPoint and Dell EMC recommends against changing this default setting for security reasons.
In newer versions of RecoverPoint and RecoverPoint for VMs, customers can self-manage the root password. For older versions, the customer should contact Customer Support for assistance.
Product-level solution for versions of RecoverPoint 5.1.2 and RecoverPoint for VMs 5.1.1.4 and later
Beginning with RecoverPoint 5.1.2 and RecoverPoint for VMs 5.1.1.4, the current password for admin user also serves as a password for root user (default vendor password for admin user is used as password for root user for any new installations). Dell EMC recommends customers upgrade to these versions and follow your organization s password policy to set a strong password for these accounts. In order to update the password, login as admin user through ssh and use the set_password command.
Customer Support assisted solution RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs 5.1.1.4
To change the default password for root account in versions prior to 5.1.2 (RP)/ 5.1.1.4 (RP4VMs), follow the procedure outlined below.
- Change the default password to root:
- Contact Dell EMC Customer Support (CS) by creating a Service Request to initiate password change process.
- Provide CS the internal cluster name and the product version of every cluster in your system. For each cluster use the following CLI commands:
- get_version for getting the cluster version.
- "get_internal_cluster_name -n" for getting the internal cluster names.
- CS will provide encoded script for root password change. The script will expire after one week.
- After you receive the script, do the following for every RPA in every cluster of your system
- Login as boxmgmt user
- Select the following menu options to run the encoded script:
Setup -> Advanced options -> System internal operations -> Run script
- Paste the script content and click Enter
- Change the password from root to a unique and strong password. Do the following for every RPA in every cluster of your system:
- Enable remote ssh access
- Login as boxmgmt user
- Select the following menu options to enable remote connection:
Setup -> Advanced options -> Security options -> Enable/Disable remote connection -> Answer y to enable remote access
- Use the password root to log in to an RPA as the root user
- Use the passwd command to type a unique and strong password. Please follow your organization s password policy to set a strong password.
- Disable remote ssh access
- Login as boxmgmt user
- Select the following menu options to disable remote connection:
Setup -> Advanced options -> Security options -> Enable/Disable remote connection -> Answer y to disable remote access
Make sure to complete all steps above. Leaving the password of the root user as root and/or leaving remote ssh enabled will expose the system to security risks. This procedure must be executed on each RPA/vRPA in the system.