The initial default password of the admin user of the Controller is set to a strong password. This password is available in the Avi Load Balancer portal, where release images are uploaded and are accessible only to users having an account on the portal.
SSH access to the Controller with this default password is not allowed until the user changes the default password of the admin user. Once the password is changed, SSH access to the admin user is permitted. The primary reason behind this change is to mitigate the risk of having a newly created Controller being attacked through SSH using the simple password. The password can be changed through the Welcome screen in Avi Load Balancer UI, REST API, or through a remote CLI shell. This change strikes a good balance between security and ease of automation and keeps the existing automation workflows, such as the Avi Load Balancer UI welcome screen, adding the Controller nodes to a cluster unchanged.
Users must change the password of the admin user to a strong password first before any other change is implemented in the Controller.
Using the UI
If you use the Avi Load Balancer UI, a welcome screen is launched. The user’s first step is to change the admin user password.
Using the CLI
To change the password using CLI, you need to launch a remote CLI shell as follows.
avi_shell --addr 10.10.25.44 Login: admin Password: [admin:10-10-25-44]: > passwd Changing password for admin (current) password: Enter new password: Retype new password: Password successfully changed [admin:10-10-25-44]: >
Using the REST API
If you use the SDK or API directly, establish a login session with the Controller using the default password and execute the API calls below to change the password.
PUT https://<controller-ip>/api/useraccount DATA: {“old_password”: <default password>, “password”: <new password>}