The initial default password of the admin user of the NSX Advanced Load Balancer Controller is set to a strong password. This password is available in the NSX Advanced Load Balancer portal where release images are uploaded and accessible only to customers having an account on the portal.
SSH access to the Controller with this default password is not allowed until the user changes the default password of the admin user. Once the password is changed, SSH access to the admin user is permitted. The primary reason behind this change is to mitigate the risk of having a newly created Controller being attacked through SSH using the simple password. The password can be changed through the Welcome screen in NSX Advanced Load Balancer UI, NSX Advanced Load Balancer REST API, or through a remote CLI shell. This change strikes a good balance between security and ease of automation and keeps the existing automation workflows such as the NSX Advanced Load Balancer UI welcome screen, adding Controller nodes to a cluster unchanged.
Customers must change the password of the admin user to a strong password first before any other change is implemented in the Controller.
NSX Advanced Load Balancer CLI
To change the password using CLI, you need to launch a remote CLI shell as follows.
avi_shell --addr 10.10.25.44 Login: admin Password: [admin:10-10-25-44]: > passwd Changing password for admin (current) password: Enter new password: Retype new password: Password successfully changed [admin:10-10-25-44]: >
NSX Advanced Load Balancer UI
If you use the NSX Advanced Load Balancer UI, a welcome screen is launched. The user’s first step is to change the admin user password.
NSX Advanced Load Balancer REST API
If you plan to use the SDK or API directly, establish a login session with the Controller using the default password and execute the API calls below to change the password.
PUT https://<controller-ip>/api/useraccount DATA: {“old_password”: <default password>, “password”: <new password>}