Re: [Xen-users] special passwords for xenserver direct console, could it
Many thanks Craig for your answer.
I got enlightened to a fact from the reply: that though XenServer Mgmt
Console might seem to ask for the root password of a VM, by virtue of being
in the List VirtualMachines part of the menu-tree, it in fact wants the same
XenServer Mgmt root password, not the VM root PWD.
The upshot being that having the root passwords of the individual VMs is
only part of the admin access, and that the Xenserver root password is just
as, maybe even more, important.
Well, I am not in that position, so I must consider restting the password as
per this link.
By way of conclusion (unless anybody corrects/contradicts), that would
appear to be the best course of action.
Craig Miskell writes:
-----BEGIN PGP SIGNED MESSAGE-----
Would appreciate any comments on the following scenario. Thanks in advance.
I'm a newcomer to xen and have received a machine with several VMs
running on it. I also have the root passwords to the VMs at keast one of
which I can log into as root via ssh.
I can also connect a keyboard and screen directly to the machine and I
get a XenServer Management console coming up in ncurses style.
However the root password I use for ssh is rejected by this Mgmt console
when I select and request login into the machine I just ssh'd into.
The possibility of the Xenserver Mgmt console needing a different typoe
of root password is not impossible (i'm new to xen, so I tend to expect
and believe anything), but at the same time it not hugely conventional.
Having two types of "root passwords" ... well ... I suppose one could
get used to it, but it will cause not a little confusion.
I decided that it can't be, so I checked and re-checked my typing and
the keyboard to make sure it enters what I typed.
One thing this Mgmt console can't do is allow non-root access. You
overwrite the UID part (it allows you to overwrite "root") and you ente
a valid username for the VM in question, and it says "only root can log
in here" or something to that effect.
Grateful for any comments. Many thanks.
This is quite normal. The host running the XenServer Mgmt console is a
more trusted server than the guests; in essence, connecting through the host
gives you full access to the guests. The reverse is not true. So, in some
scenarios that may be a large part of the design (untrusted guests under the
control of non-local people), where having the same root password would be
You are quite entitled to set the root password on the management console to be
the same as the guests, but there's no connection between them, by design.
Senior Systems Administrator
Opus International Consultants
Phone: +64 4 471 7209
Real programmers program by whistling down the MIC IN port of a ZX80.
- Adrian Millett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Xen-users mailing list