Accessing the Nortel SNAS cluster – Nortel Networks 5500 series User Manual

Page 381


network while configuring or collecting information from the Nortel SNAS
is encrypted. For information about different user accounts and default
passwords, see “Accessing the Nortel SNAS cluster” (page 381).

During the initial setup of the Nortel SNAS device or cluster, you
are provided with the choice to generate new SSH host keys. Nortel
recommends that you do so, in order to maintain a high level of security
when connecting to the Nortel SNAS using an SSH client. If you fear that
your SSH host keys have been compromised, you can create new host
keys at any time by using the /cfg/sys/adm/sshkeys/generate command.
When reconnecting to the Nortel SNAS after generating new host keys,
your SSH client will display a warning that the host identification
(or host keys) has changed.
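The host-key warning described above is only safe to accept when the new key is the one the device actually generated. The following added example (not from the Nortel manual) classifies a presented key against a pinned known_hosts entry and a fingerprint obtained out of band. The host name, addresses and keys are constructed, ssh-ed25519 is a stand-in key type, and reading the fingerprint over the console port is an assumption.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def make_ed25519_pub(raw32: bytes) -> str:
    """Build a base64 ssh-ed25519 public key blob from 32 constructed bytes."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(raw32)).decode()

def fingerprint(pub_b64: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(pub_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pinned_keys(known_hosts: str, host: str) -> set:
    """Collect (keytype, blob) pairs pinned for host; skips comments, markers, hashed names."""
    keys = set()
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        if host in fields[0].split(","):
            keys.add((fields[1], fields[2]))
    return keys

def classify(known_hosts: str, host: str, keytype: str, pub_b64: str, trusted_fp=None) -> str:
    """Decide how to treat the key a host presents after a possible regeneration."""
    pinned = pinned_keys(known_hosts, host)
    if not pinned:
        return "unknown-host"
    if (keytype, pub_b64) in pinned:
        return "match"
    if trusted_fp is not None and fingerprint(pub_b64) == trusted_fp:
        return "rotated-verified"   # safe to replace the pinned entry
    return "mismatch-unverified"    # do not connect; investigate first

# Constructed sample data (not real keys); snas.example.net is a hypothetical name.
HOST = "snas.example.net"
OLD_KEY = make_ed25519_pub(bytes(range(32)))
NEW_KEY = make_ed25519_pub(bytes(range(32, 64)))
ROGUE_KEY = make_ed25519_pub(b"\xff" * 32)
KNOWN_HOSTS = f"# constructed known_hosts\n{HOST},192.0.2.10 ssh-ed25519 {OLD_KEY}\n"
CONSOLE_FP = fingerprint(NEW_KEY)  # stands in for a value read over the console port

if __name__ == "__main__":
    for name, key in (("old", OLD_KEY), ("new", NEW_KEY), ("rogue", ROGUE_KEY)):
        print(name, classify(KNOWN_HOSTS, HOST, "ssh-ed25519", key, CONSOLE_FP))
```

Only a "rotated-verified" result justifies replacing the pinned entry; an unverified mismatch is treated as a possible interception until the fingerprint is confirmed.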

Accessing the Nortel SNAS cluster

To enable better Nortel SNAS management and user accountability, there
are five categories of users who can access the Nortel SNAS cluster:

The Operator is granted read access only to the menus and
information appropriate to this user access level. The Operator cannot
make any changes to the configuration.

The Administrator can make any changes to the Nortel SNAS
configuration. Thus, the Administrator has read and write access to all
menus, information, and configuration commands in the Nortel SNAS
software.

A Certificate Administrator is a member of the certadmin group.
A Certificate Administrator has sufficient user rights to manage
certificates and private keys. By default, only the Administrator user
is a member of the certadmin group. To separate the Certificate
Administrator user role from the Administrator user role, the
Administrator user can add a new user account to the system, assign
the new user to the certadmin group, and then remove himself or
herself from the certadmin group. For more information, see
“Adding a new user” (page 218).

The Boot user can perform a reinstallation only. For security reasons,
it is only possible to log on as the Boot user through the console port
using terminal emulation software. The default Boot user password
is ForgetMe. The Boot user password cannot be changed from the
default.

The Root user is granted full access to the underlying Linux operating
system. For security reasons, it is only possible to log on as the Root
user through the console port using terminal emulation software.
Reserve Root user access for advanced troubleshooting purposes,
under guidance from Nortel customer support.
For more information, see “How to get help” (page 21).

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks
