Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3399
Views
6
Helpful
14
Replies

vManage have root ?

Go to solution
ADC Lane
Level 1
Level 1

‎03-22-2023 08:48 PM - edited ‎03-24-2023 01:39 AM

Hi Team, 

I am wonder that vmanage have root account. Some times, I use root account and ssh to vmanage, it still request password of the account. So the root account is still alive for vManage or be disabled ?

Thanks in advance !

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
svemulap@cisco.com
Cisco Employee
Cisco Employee
In response to ADC Lane

‎03-23-2023 11:46 AM

Thx., ADC Lane.

To get to the root level access (via vsh), you do need TAC help as this is very intrusive and could cause other side effects.
There are instances, where it could be needed.
In general, it is highly discouraged and not recommended.
admin level access provides - admin level only. There is no 'root' level.

HTH

View solution in original post

Go to solution
Kanan Huseynli
VIP
VIP

‎03-23-2023 02:24 PM

Hi,

TAC has read-only and read-write based users. Root can only be accessed by hacking. With root you most probably can do all system/ file access.

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

14 Replies 14

Go to solution
svemulap@cisco.com
Cisco Employee
Cisco Employee

‎03-22-2023 10:09 PM

hi ADC Lane -

Which version that you are trying with ?

0 Helpful

Go to solution
ADC Lane
Level 1
Level 1
In response to svemulap@cisco.com

‎03-22-2023 10:15 PM

Hi svemulap@cisco.com i am using version 20.6.3.1 .Thank you in advance !

0 Helpful

Go to solution
svemulap@cisco.com
Cisco Employee
Cisco Employee
In response to ADC Lane

‎03-23-2023 11:46 AM

Thx., ADC Lane.

To get to the root level access (via vsh), you do need TAC help as this is very intrusive and could cause other side effects.
There are instances, where it could be needed.
In general, it is highly discouraged and not recommended.
admin level access provides - admin level only. There is no 'root' level.

HTH

Go to solution
ADC Lane
Level 1
Level 1
In response to svemulap@cisco.com

‎03-23-2023 10:49 PM

Hi svemulap@cisco.com , it mean there are no way to access to vmanage by Root account by ssh, https, scp ... right ? root vshell need user account and need do by TAC in case need. 

0 Helpful

Go to solution
maxnpj
Level 1
Level 1

‎03-23-2023 04:45 AM

Have you actually authenticated to vManage using the "root" account? I don't think you have access to that account; you have access to "admin" but not root...but maybe I'm misunderstanding the question. 

Go to solution
ADC Lane
Level 1
Level 1
In response to maxnpj

‎03-23-2023 06:49 AM

Hi @maxnpj , in vmanage, I can use some commands same in linux, so I think root account is alway exist in linux, I wonder vmanage have root account and then test SSH to it, of course, I dont know password and can not access to vManage.

So I am wonder whether root account is still alive or just only admin account.

0 Helpful

Go to solution
maxnpj
Level 1
Level 1
In response to ADC Lane

‎03-23-2023 07:21 AM

You are correct, there is a root account, but I'm pretty sure you have no access to it. You do have "admin" access but those rights/privileges are lower than root. From the vshell as "admin" you can run Linux commands but, for example, there are many directories you cannot get to, and there are certain Linux commands you can't run as "admin". I've been on TAC calls where they've had to login as root and they have to use some zillion-bit token to get authenticated as root. 

Go to solution
ADC Lane
Level 1
Level 1

‎03-23-2023 08:43 AM

Hi @maxnpj 

Casual, I found one topics in internet, they have published  vmanage pentest results,

https://www.synacktiv.com/en/publications/pentesting-cisco-sd-wan-part-1-attacking-vmanage.html 

It includes 1 way to get root shell, i wonder  whether do later firmwares fix this error ? And if root privilege is got, what happen :)) ?

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎03-23-2023 02:24 PM

Hi,

TAC has read-only and read-write based users. Root can only be accessed by hacking. With root you most probably can do all system/ file access.

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Go to solution
ADC Lane
Level 1
Level 1
In response to Kanan Huseynli

‎03-24-2023 07:40 AM

Hi @Kanan Huseynli , thank you for your reply

I have question, if root account is spam and clock, vManage operation is affected?

ADCLane_0-1679668786485.png

 

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP
In response to ADC Lane

‎03-24-2023 01:37 PM

Hi,

don't think so. And "account lock" means, you can't login with this account. There is no process that requires root login (I haven't seen anyone).

by the way, normally after some time account should be unlocked.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Go to solution
svemulap@cisco.com
Cisco Employee
Cisco Employee
In response to Kanan Huseynli

‎03-24-2023 03:52 PM

Exactly. It is correct.

Go to solution
ADC Lane
Level 1
Level 1
In response to Kanan Huseynli

‎03-24-2023 08:51 PM

Hi @Kanan Huseynli  , Thank you so much !

0 Helpful

Go to solution
ADC Lane
Level 1
Level 1

‎03-24-2023 08:50 PM

Thank you so much svemulap@cisco.com 

0 Helpful
Customers Also Viewed These Support Documents