The initial default password of the admin user of the Controller is set to a strong password. This password is available in the NSX Advanced Load Balancer portal, where release images are uploaded and are accessible only to users having an account on the portal.

SSH access to the Controller with this default password is not allowed until the user changes the default password of the admin user. Once the password is changed, SSH access to the admin user is permitted. The primary reason behind this change is to mitigate the risk of having a newly created Controller being attacked through SSH using the simple password. The password can be changed through the Welcome screen in NSX Advanced Load Balancer UI, REST API, or through a remote CLI shell. This change strikes a good balance between security and ease of automation and keeps the existing automation workflows, such as the NSX Advanced Load Balancer UI welcome screen, adding the Controller nodes to a cluster unchanged.

Users must change the password of the admin user to a strong password first before any other change is implemented in the Controller.

Using the UI

If you use the NSX Advanced Load Balancer UI, a welcome screen is launched. The user’s first step is to change the admin user password.

Using the CLI

To change the password using CLI, you need to launch a remote CLI shell as follows.

avi_shell --addr
Login: admin

[admin:10-10-25-44]: > passwd
Changing password for admin
(current) password:
Enter new password:
Retype new password:
Password successfully changed
[admin:10-10-25-44]: >

Using the REST API

If you use the SDK or API directly, establish a login session with the Controller using the default password and execute the API calls below to change the password.

   PUT https://<controller-ip>/api/useraccount     DATA: {“old_password”: <default password>, “password”: <new password>}