cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
422
Views
0
Helpful
0
Replies

Reset admin password on Firepower (FTD)

eduard.hoffmann
Level 1
Level 1

Hello everyone, 

Recently it became necessary to reset the password for the admin user, and the old password was lost. At the same time, there was access to FW under a different administrator account on the CLI of the firewall.

The task was not as simple as it seemed at first glance, but not so difficult as well. So I decided to write this Post to help others in a similar situation.

A little bit of theory :
FW has commands to change the password in the FTD-Shell:
# Change the password for any user:
> configure user password <Username>

# Change the password for the current account:
> configure password

But in my case they are not suitable, as they require the old password to be entered, before changing it. As I wrote above, we lost the old password.

Without entering the old password, we can set a new password in Expert-Mode (Linux-Shell), using the following command:
>expert
user-admin@ftd-01:~ sudo passwd <Username>

But there is a nuance! if we reboot FW, the password will be reset to the old one.

If we were not talking about the password for the 'admin' user. You could just delete the user account and create a new one to reset the password.
>configure user delete <Username>
>configure user add <Username> config

But the 'admin' account cannot be deleted.

Solution:

We have two users on FW with admin rights: admin and user-admin.
    - 'admin'. Password is lost. We want to setup the password 'pw-admin'
    - 'user-admin'.  Password is 'pw-user'

1. SSH-Login on the FW with 'user-admin' 
          login as: user-admin
          Keyboard-interactive authentication prompts from server:
          Password : <pw-user>

2. Set a new password for 'admin' in expert mode
>expert
user-admin@ftd-01:~ sudo passwd admin
Password: <pw-user>
New password: <pw-temp>
Retype new password: <pw-temp>
# At this step we set an intermediate temporary password different from the final one.
# Since later we will have to change this password again, and it will not be possible to change it to a similar one.

3. Log in to FW under admin using a temporary password.
          login as: admin
          Keyboard-interactive authentication prompts from server:
          Password : <pw-temp>

4. Set a new password for the admin user.
> configure password
Enter current password: <pw-temp>
Enter new password: <pw-admin>
Confirm new password: <pw-admin>

Finish!!!

0 Replies 0