Strong Default Admin Password

Starting with the 17.2.2 release of Avi Vantage, the initial default password of the admin user of the Avi Controller has been changed from “admin” to a strong password. This password will be available in the Avi Networks portal where release images are uploaded, accessible only to customers having an account on the portal. Additionally, SSH access to the Controller with this default password is not allowed until the user changes the default password of the admin user. Once the password is changed, SSH access to the admin user will be permitted. The primary reason behind this change is to mitigate the risk of having a newly created Controller being attacked via SSH using the simple password. The password can be changed via the Welcome screen in Avi UI, Avi REST API or via a remote CLI shell. This change strikes a good balance between security and ease of automation and keeps the existing automation workflows such as the Avi UI welcome screen, adding Controller nodes to a cluster, etc. unchanged.

Customers must change the password of the admin user to a strong password first before any other change is implemented in the Controller.

Avi CLI

To change the password using CLI, you need to launch a remote CLI shell:


avi_shell --addr 10.10.25.44
Login: admin
Password:

[admin:10-10-25-44]: > passwd
Changing password for admin
(current) password:
Enter new password:
Retype new password:
Password successfully changed
[admin:10-10-25-44]: >

Avi UI

If you use the AvI UI, a welcome screen is launched. The user’s first step is to change the admin user password.

Avi UI create administrator screen
Figure 1. Avi UI create administrator screen

Avi REST API

If you plan to use the SDK or API directly, establish a login session with the Controller using the default password and execute the API calls below to change the password:
     PUT https://<controller-ip>/api/useraccount
     DATA: {“old_password”: <default password>, “password”: <new password>}