topic Re: FTD Root access password ? in Network Security

FTD Root access password ?

ida71 — Sat, 15 Aug 2020 20:26:44 GMT

I have used Admin password to login to CLI on FTD's since they were built & can access expert mode. But just tried to run an upgrade readyness check at CLi & it says I don't have privilege so tried sudo to root & none of the passwords I have configured work, including the default one.

I changed the admin account password when the box was built, but never added a separate root password, as I don't recall it being in the build docs.

Any ideas ?

Re: FTD Root access password ?

Francesco Molino — Sun, 16 Aug 2020 03:18:14 GMT

Hi

You can run your commands using sudo at the beginning or from the expert mode entering the privileged mode by typing sudo su. The password is the same as your admin password.
I use this very often and never got an issue where my admin password wasn't taken.

Re: FTD Root access password ?

Marvin Rhoads — Sun, 16 Aug 2020 11:55:50 GMT

My experience matches @Francesco Molino .

When you say you changed the admin password do you mean the standard prompt to do so during initial setup or did you use some other method?

Re: FTD Root access password ?

ida71 — Mon, 17 Aug 2020 08:42:01 GMT

Hi Marvin,

During initial setup, I set an admin password. But have never needed sudo access until now, so never tested it.

I can login & get to expert mode. But it won't accept the admin password for sudo.

Re: FTD Root access password ?

ida71 — Mon, 17 Aug 2020 08:47:42 GMT

Thanks Francisco,

Every other Unix/Linux system I have used in the past either just "su -" or "sudo" got you access, but as per your advice above "sudo su" is required from expert mode & I now have access. Many thanks.

Re: FTD Root access password ?

Francesco Molino — Tue, 18 Aug 2020 02:10:20 GMT

So just to be sure, did you manage getting it working?

Re: FTD Root access password ?

ida71 — Tue, 18 Aug 2020 08:42:34 GMT

Yes, now working but requires specific "sudo su" rather than the "su -" I'm more accustomed to.

I assumed it was not working because typing just "sudo" or "su -" both returned the password prompt, but would NOT accept the admin password !

Many thanks.

Chris.

Re: FTD Root access password ?

Francesco Molino — Wed, 19 Aug 2020 01:11:14 GMT

Can you try to change your admin password and retry?
If it is not working, create a new admin user and test it please.

It's not recommended but the last chance, if all above aren't working, is to connect on your FTD in expert mode, then make sure you are connected using admin (command whoami) and finally type passwd to change the password.
Normally by changing the admin password using the official way through UI or CLI (not expert), it should work or at least with a new admin account as well.

Re: FTD Root access password ?

ida71 — Wed, 19 Aug 2020 08:29:40 GMT

Hi Francesco,

I think you misunderstood my last reply, it is now WORKING 🙂

Thanks

Chris

Re: FTD Root access password ?

Francesco Molino — Thu, 20 Aug 2020 01:42:32 GMT

Ok sorry😂

Re: FTD Root access password ?

Vanjulen1 — Thu, 28 Jan 2021 07:07:39 GMT

Hi i have the same problem , but in my fp1010 i have not allowed use the command sudo or su , i am trying to type sudo pmon stop and it is failing , if i type without sudo the command runs but asking for a password if i type the admin password show the mesages :Password:
Sorry, user admin is not allowed to execute '/usr/bin/pkill -SIGUSR1 pmon' as root

pls need help , thanks in advance.

Re: FTD Root access password ?

Vanjulen1 — Thu, 28 Jan 2021 08:16:24 GMT

Yes i am in the same situation only have admin access , and never before use or configure a root password , and if i use the admin password to stop for example the pmon show one error saying it is not valid user admin , and you need to be a root ... need help pls, ty.

Re: FTD Root access password ?

ida71 — Thu, 28 Jan 2021 08:46:26 GMT

Hi Vanjulen1,

I think your issue is the same as mine, i.e. previous experience with Unix/Linux. Ignore what you know, the FTD platform is NOT the same, its close, but different.

Do NOT use sudo or su - to initiate Root commands, they won't work. You need to change context first then issue your root commands.

So login as admin via SSH to CLi, then issue sudo su followed by the admin user password to change context to Root user.

This worked for me, now issue your required commands without the "sudo" precursor, so your command "sudo pmon stop" becomes "pmon stop" because you are now issuing it as the root user.

I hope that works for you.

Regards

Re: FTD Root access password ?

Vanjulen1 — Thu, 28 Jan 2021 11:38:45 GMT

Hi Ida71 when i try to type sudo su always show error " invalid command" , i am using a console , because the DME is crashed am i need restart the pmon service , but i have no idea how to login or use the sentence like a root user.

thanks fo all.

Re: FTD Root access password ?

Marvin Rhoads — Thu, 28 Jan 2021 12:19:44 GMT

@Vanjulen1 you are trying to run the command from FXOS. That's different than running it from FTD. The "sudo" instructions are specific to FTD as it has Linux underlying in expert mode. FXOS should not require sudo.

I don't have a 1010 handy but here is the example on a Firepower 1120 running FTD 6.7:

fp1120-v-1(local-mgmt)# show pmon state

SERVICE NAME             STATE     RETRY(MAX)    EXITCODE    SIGNAL    CORE
------------             -----     ----------    --------    ------    ----
svc_sam_dme            running           0(4)           0         0      no 
svc_sam_dcosAG         running           0(4)           0         0      no 
svc_sam_portAG         running           0(4)           0         0      no 
svc_sam_statsAG        running           0(4)           0         0      no 
httpd.sh               running           0(4)           0         0      no 
svc_sam_sessionmgrAG   running           0(4)           0         0      no 
sam_core_mon           running           0(4)           0         0      no 
svc_sam_svcmonAG       running           0(4)           0         0      no 
svc_sam_serviceOrchAG   running           0(4)           0         0      no 
svc_sam_appAG          running           0(4)           0         0      no 
svc_sam_envAG          running           0(4)           0         0      no 
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# pmon 
  start  Start operation 
  stop   Stop operation 

fp1120-v-1(local-mgmt)# pmon stop
fp1120-v-1(local-mgmt)# show pmon state

SERVICE NAME             STATE     RETRY(MAX)    EXITCODE    SIGNAL    CORE
------------             -----     ----------    --------    ------    ----
svc_sam_dme         terminated           0(4)           0         0      no 
svc_sam_dcosAG      terminated           0(4)           0         0      no 
svc_sam_portAG      terminated           0(4)           0         0      no 
svc_sam_statsAG     terminated           0(4)           0         0      no 
httpd.sh                killed           0(4)           0         0      no 
svc_sam_sessionmgrAGterminated           0(4)           0         0      no 
sam_core_mon        terminated           0(4)           0         0      no 
svc_sam_svcmonAG    terminated           0(4)           0         0      no 
svc_sam_serviceOrchAGterminated           0(4)           0         0      no 
svc_sam_appAG       terminated           0(4)           0         0      no 
svc_sam_envAG       terminated           0(4)           0         0      no 
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# pmon start
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# 
fp1120-v-1(local-mgmt)# show pmon state

SERVICE NAME             STATE     RETRY(MAX)    EXITCODE    SIGNAL    CORE
------------             -----     ----------    --------    ------    ----
svc_sam_dme            running           0(4)           0         0      no 
svc_sam_dcosAG         running           0(4)           0         0      no 
svc_sam_portAG         running           0(4)           0         0      no 
svc_sam_statsAG        running           0(4)           0         0      no 
httpd.sh               running           0(4)           0         0      no 
svc_sam_sessionmgrAG   running           0(4)           0         0      no 
sam_core_mon           running           0(4)           0         0      no 
svc_sam_svcmonAG       running           0(4)           0         0      no 
svc_sam_serviceOrchAG   running           0(4)           0         0      no 
svc_sam_appAG          running           0(4)           0         0      no 
svc_sam_envAG          running           0(4)           0         0      no 
fp1120-v-1(local-mgmt)#

If you are unable to run the commands as I demonstrated, perhaps opening a TAC case would be useful. Even if you could run them, you should not be having to run those commands normally.

Re: FTD Root access password ?

Vanjulen1 — Thu, 28 Jan 2021 12:41:17 GMT

Hi Marvin thanks for you reply , i have a cisco tac , and the last workaround is , i have to stop the pmon service , but if i use the command show pmon state , dont do nothing , it doent show any result only return the prompt , and when i try to stop the service , asking me for a password and i use the admin password , and after that , show the errorSorry, user admin is not allowed to execute '/usr/bin/pkill -SIGUSR1 pmon' as root on

I need some help , thanks in advance.

Re: FTD Root access password ?

Marvin Rhoads — Thu, 28 Jan 2021 12:48:53 GMT

If you are working with TAC, it would be most effective to continue doing so. If the current engineer is unable to assist then request escalation to a more senior engineer or lead.

You didn't mention what version of software you are running.