Shell Enabled
Shell access is not required for normal operation of the appliance. All routine operational features are available from the web user interface. However, shell access is required for integrating the appliance with other assets in your network and for troubleshooting in the event of a problem. Shell access is enabled by default on physical and virtual machines. On cloud machines, shell access is disabled by default.
While in the Shell Enabled mode, you can enable or disable the following system accounts individually and change their passwords.
On physical and virtual appliances:
-
bootloader - used strictly to manage the boot loader password, for added security. The boot loader controls what image and options the operating system is loaded with. There is no login access to this account.
-
root - not ssh accessible; has shell access from the console if login is enabled.
-
admin - accessible only through the console port; for initial setup only; no shell access; login can be disabled.
-
mazu - accessible through ssh; has shell access unless disabled.
-
dhcp - accessible through ssh using keys and not password.
-
support - for the "challenge and response" user. When Challenge Mode is enabled, the user can gain shell access provided they can pass the challenge, which requires a code from Riverbed Support. The account name can be changed to a user name other than "support."
On cloud appliances (AWS and Azure):
-
admin - no shell access, login disabled.
-
mazu - shell access is disabled after initial setup. Use the Administration > Appliance Security > Security Compliance page to restore shell access.