Tectia

Recreating Superusers

Management Server superusers are used for performing several important operations, such as managing administrator accounts in the system. If access to a system at superuser level is lost, for example due to all superuser passwords being forgotten or misconfigured authentication settings, access to the system at superuser level cannot be recovered through the standard administration interface.

To enable recovery from situations where access to a system at superuser level has been lost, an interactive command-line tool to recreate superusers is provided. Access to this command is restricted to the operating system user root to deny unauthorized recreation of superuser accounts.

To recreate a superuser, execute the following steps:

  1. Start the Management Server if it is not already running.

  2. Start the superuser recreation by running the following command as root:

    # ssh-mgmt-tool -r
    

    The command is located in <server-root>/server/sbin (by default /opt/ssh-mgmt/server/sbin).

    1. Enter the username of the superuser to be recreated.

    2. Enter a new password for the superuser. The typing will not be echoed on the terminal.

    3. Enter the new password again.

  3. Restart the Management Server for the changes to take effect.

The tool will report success if a superuser with the given username and password was successfully recreated. It will also create new authentication settings and assign them to the superuser account.