Two days ago, I received a call from a customer. The customer changed the password of the firewall admin account, but the customer forgot the changed password. Now he cannot log in to the web console.
After the password is modified, if Xshell/Putty and other software are used to connect to the firewall device and the password is saved, you can directly connect to the device through the software and change the password of admin. If the software does not save the password, you can also try to change the password by logging in to the device through the Console port, provided that the Console port login verification is turned off. It is recommended to try ssh/telnet/Console to change the password first, because if you cannot change the password directly from the command line, you must restart the device to recover the password. Restarting the device is bound to cause business interruption, and if there is no save in the configuration at this time, the modified configuration from the last save to the present will be lost.
Change password command:
[H3C]local-user admin class manage [H3C-luser-manage-admin]password simple admin [H3C-luser-manage-admin]
At this time, the password of admin is changed to admin. Now you can log in to the console through the web.
However, if the Console interface cannot enter the command line to change the password, the device must be restarted to change the password. Restarting the device is bound to cause business interruption. If there is no save in the configuration at this time, the configuration modified from the last save to the present will be lost. These situations need to be communicated with the customer before operation.
At this time, we will discuss it in two cases, both of which require restarting the device.
1、 The device has enabled password recovery enable (the system is enabled by default)
Connect to the device through the Console port, and power on the device after powering off.
View the screen output prompt, press Ctrl+B to enter the bootware interface
System is starting... Press Ctrl+D to access BASIC-BOOTWARE MENU... Press Ctrl+T to start heavy memory test. Booting Normal Extended BootWare The Extended BootWare is self-decompressing.... Done. **************************************************************************** * * * H3C SecPath BootWare, Version 3.00 * * * **************************************************************************** Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. Compiled Date : Apr 11 2019 Memory Type : DDR3 SDRAM Memory Size : 2048MB Memory Speed : 667MHz Flash Size : 16MB Nandflash Size : 256MB PCB Version : Ver.A BootWare Validating... Press Ctrl+B to access EXTENDED-BOOTWARE MENU... Password recovery capability is enabled. Note: The current operating device is flash Enter < Storage Device Operation > to select device. ============================================================================ |<1> Boot System | |<2> Enter Serial SubMenu | |<3> Enter Ethernet SubMenu | |<4> File Control | |<5> Restore to Factory Default Configuration | |<6> Skip Current System Configuration | |<7> BootWare Operation Menu | |<8> Skip Authentication for Console Login | |<9> Storage Device Operation | |<0> Reboot | ============================================================================ Ctrl+Z: Access EXTENDED ASSISTANT MENU Ctrl+C: Display Copyright Ctrl+F: Format File System Enter your choice(0-9):
After entering this interface, select Skip Authentication for Console Login
When you see the prompt "Clear Image Password Success!", you will skip the Console login authentication. After you select<0>Reboot to restart the device, you can change the password directly on the Console.
2、 The device does not enable the password recovery function undo password recovery enable
Enter the bootware interface in the same way as in the first case.
Select Skip Current System Configuration to skip the current system configuration and start with the default configuration. Then select<0>Reboot to reboot the device
The device will use the default configuration to start the device. Therefore, do not save after restarting, or the configuration will be overwritten by the default configuration. After the device is restarted, download the step.cfg configuration file from the device through ftp on the command line.
#Connect ftp <h3c>ftp 192.168.0.2 Trying 192.168.0.2 ... Press CTRL+K to abort Connected to 192.168.0.2. 220 (vsFTPd 3.0.3) #Log in to ftp User(192.168.0.2:(none)):admin 331 Please specify the password. Password: 230 Login successful. #Upload the configuration file (upload the firewall configuration file to ftpServer) [ftp] [ftp]put startup.cfg 227 Entering Passive Mode (192,168,0,2,198,35). 150 Ok to send data. 226 Transfer complete. FTP: 8744 byte(s) sent in 0.013 second(s), 672.00Kbyte(s)/sec. [ftp]
After downloading the configuration file locally, change the account password in the configuration file locally.
Find the following section in the configuration file
user-group system # local-user admin class manage Password hash****** service-type ssh telnet terminal https authorization-attribute user-role level-3 authorization-attribute user-role network-admin authorization-attribute user-role network-operator #
Change the password line to "password simple admin" and save the file. Then upload the configuration file through the web and apply it. After verification, save the configuration and restart the firewall.
This article is published at: yingfeng Blog >> H3C Firewall Forgot Password Reset Password Method , please indicate the source for reprinting.
