FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
btan
Staff & Editor
Article Id 375560
Description This article describes how to resolve the issue whereby password changing of the 'root' user over SSH failed on a Linux OS machine.
Scope FortiPAM v1.5.
Solution

When trying to change the 'root' user password for a Linux secret, the error 'Secret server password change error. Not Matched at step(9)' may appear.

feb-kb1-1.PNG

feb-kb1-2.PNG
To check this further, run the debug commands below, reproduce the issue, and then disable debugging:

diag debug dis
diag debug console timestamp enable
diag wad debug enable category pwdchg
diag wad debug enable level verbose
diag debug enable

<reproduce the issue>

diag debug disable

 

The output may show:

[I]2025-01-22 09:38:57.900333 [p:2544] wad_http_pwd_chg_continue :5460 Password change failed (Secret server password change error.
Not Matched at step(9)) <------------
[V]2025-01-22 09:39:00.632056 [p:4140] wad_pwd_ssh_exec :800 user=root, to 10.10.10.10:22 pwd_type=3, code=3, err_msg=Can not login SSH session:LIBSSH2_ERROR_AUTHENTICATION_FAILED, script_return= <-----

[V]2025-01-22 09:39:00.632370 [p:2535] wad_pwd_proc_job_resp :3317 recovery pwd is not changed for secret id:100 <----------
Changing password for user root.
New password: , expect=assword:, regex:0

[V]2025-01-22 09:39:43.368442 [p:4140] wad_pwd_ssh_expect_str :477 buf=
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic <------
Retype new password: , expect=assword:, regex:0

This is because the default 'SSH Password (Unix)' password changer is not designed to change the password of the 'root' user: there are rarely use cases for changing the 'root' password over SSH, so its expect steps do not match the prompts that a root session produces.
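As an added illustration (not part of the original article or of FortiPAM), the following Python snippet parses the 'pwdchg' debug lines quoted above into a short triage summary and maps it to the fix this article describes. The log text is a constructed sample modelled on the output shown here, and the function and pattern names are my own.

```python
import re

# Constructed sample of 'diag wad debug enable category pwdchg' output, modelled
# on the lines quoted in this article; it is not a real capture.
SAMPLE_LOG = """\
[I]2025-01-22 09:38:57.900333 [p:2544] wad_http_pwd_chg_continue :5460 Password change failed (Secret server password change error. Not Matched at step(9))
[V]2025-01-22 09:39:00.632056 [p:4140] wad_pwd_ssh_exec :800 user=root, to 10.10.10.10:22 pwd_type=3, code=3, err_msg=Can not login SSH session:LIBSSH2_ERROR_AUTHENTICATION_FAILED, script_return=
[V]2025-01-22 09:39:00.632370 [p:2535] wad_pwd_proc_job_resp :3317 recovery pwd is not changed for secret id:100
[V]2025-01-22 09:39:43.368442 [p:4140] wad_pwd_ssh_expect_str :477 buf=
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password: , expect=assword:, regex:0
"""

# Patterns for the facts a triage needs; the names are my own, not FortiPAM's.
NOT_MATCHED = re.compile(r"Not Matched at step\((\d+)\)")
SSH_EXEC = re.compile(r"wad_pwd_ssh_exec .*?user=([^,]+), to (\S+) .*?err_msg=([^,]*)")
SECRET_ID = re.compile(r"recovery pwd is not changed for secret id:(\d+)")
BAD_PASSWORD = re.compile(r"^BAD PASSWORD: (.*)$", re.MULTILINE)


def triage_pwdchg_log(text):
    """Summarise why a FortiPAM password change failed, from pwdchg debug text."""
    summary = {"failed_step": None, "user": None, "target": None,
               "ssh_error": None, "secret_id": None, "bad_password": None}
    if m := NOT_MATCHED.search(text):
        summary["failed_step"] = int(m.group(1))        # expect step that did not match
    if m := SSH_EXEC.search(text):
        summary["user"], summary["target"] = m.group(1), m.group(2)
        summary["ssh_error"] = m.group(3).strip() or None
    if m := SECRET_ID.search(text):
        summary["secret_id"] = int(m.group(1))          # secret left with its old password
    if m := BAD_PASSWORD.search(text):
        summary["bad_password"] = m.group(1).strip()    # host's PAM dictionary check
    return summary


def advice(summary):
    """Map the summary to the remediation this article describes, plus side findings."""
    notes = []
    if summary["user"] == "root" and summary["failed_step"] is not None:
        notes.append("root over SSH: clone 'SSH Password (Unix)', delete steps 3 and 4, "
                     "and point the secret (or its template) at the clone")
    if summary["ssh_error"]:
        notes.append("SSH login with the stored credential failed: " + summary["ssh_error"])
    if summary["bad_password"]:
        notes.append("target rejected the new password: " + summary["bad_password"])
    return notes
```

Running `advice(triage_pwdchg_log(SAMPLE_LOG))` on the sample returns the three findings, with the step-3/step-4 remediation first.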


To resolve this, clone the default 'SSH Password (Unix)' password changer, remove steps 3 and 4 from the cloned changer, and use the cloned changer for the secret.

  1. Go to Secret Settings -> Password Changers -> SSH Password (Unix) -> Clone.
  2. Edit the cloned SSH Password (Unix), select step3 and step4 -> Delete -> Save.

feb-kb1-3.PNG

  3. Configure the target's secret (or the secret's template, if applicable) to use this new cloned Password Changer. With this change, password changing of the 'root' user over SSH succeeds.