Restricted Shell in HyperFlex 4.5

It was already impossible to log in as root in HyperFlex Connect, but you could still log in over SSH or locally with a root account. In HXDP 4.5 there is the Restricted Shell, or Admin Shell.

What is the Restricted Shell?

In the restricted shell there is a limited number of commands that you can run. Just SSH to the HyperFlex Cluster IP Address and log in with “admin” and the password.

To see which commands are available to you, type ? or help.

List of commands available in the Restricted Shell.

There are a lot of commands, and the important ones that you can still execute are:

  • hx_post_install
  • hypercheck
  • install_vc_plugin
  • hxcli
  • stcli

In the next picture you can see that ping works normally, but when fping is executed there is a warning: fping is not on the list of Restricted Shell commands. If you run more than 5 forbidden commands, the session will be closed.

There is also a “priv” command. With priv you can run a few more commands.

Here you can see all the commands that are available when you start with priv.

In this case, fping is still available, only you will have to start it with:

priv fping <ip address>
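A simplified model of the behaviour described above (the command allow-list, the priv prefix, and the session closing after more than 5 forbidden commands), added here as an illustration; it is not Cisco's implementation and not code from the original post. The function names, the priv tier containing only fping, and the refusal of shell metacharacters are assumptions, and the sample session is constructed.

```shell
#!/bin/sh
# Simplified model of the policy described in this post; NOT Cisco's code.
# It only decides allow/warn/close and never executes the command line.
MAX_FORBIDDEN=5   # post: more than 5 forbidden commands closes the session

new_session() { forbidden_count=0; session_open=1; decision=; }

is_allowed() {        # base tier: commands this post names as available
    case $1 in
        hx_post_install|hypercheck|install_vc_plugin|hxcli|stcli) return 0 ;;
        ping|help|'?') return 0 ;;
    esac
    return 1
}

is_priv_allowed() {   # priv tier: the post names only fping (assumed list)
    case $1 in fping) return 0 ;; esac
    return 1
}

check_command() {     # sets $decision to allow, warn, close or closed
    line=$1; ok=1
    if [ "$session_open" -ne 1 ]; then decision=closed; return 0; fi
    # Assumption: shell metacharacters are refused, so an allowed first
    # word cannot carry a second command behind it.
    case $line in
        *\;*|*\|*|*\&*|*\$*|*\`*|*\<*|*\>*|*\(*|*\)*) ok=0 ;;
    esac
    set -f; set -- $line; set +f   # split into words without globbing "?"
    if [ "${1:-}" = priv ]; then
        is_priv_allowed "${2:-}" || ok=0
    else
        is_allowed "${1:-}" || ok=0
    fi
    if [ "$ok" -eq 1 ]; then decision=allow; return 0; fi
    forbidden_count=$((forbidden_count + 1))
    if [ "$forbidden_count" -gt "$MAX_FORBIDDEN" ]; then
        session_open=0; decision=close   # the 6th forbidden command
    else
        decision=warn
    fi
}

# Constructed sample session (not captured from a real cluster).
new_session
for cmd in "ping 10.0.0.1" "fping 10.0.0.1" "priv fping 10.0.0.1" "ping 10.0.0.1 && hypercheck"; do
    check_command "$cmd"
    printf '%-28s -> %s\n' "$cmd" "$decision"
done
```

The point of the counter is that forbidden commands 1 to 5 only produce a warning; the sixth one ends the session, and nothing is accepted afterwards.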

If you want root access and execute su, you will see a warning. When you accept it, there is a menu where you can Generate a Challenge and put an Accept Response in place.

The Accept Response can only be created by TAC, and they will generate it only when they need root access.

What if I can hack the Admin Shell?

If you have too much spare time on the weekends and you want root access without anybody’s permission, you will get stuck when you try to upgrade the system in the future.

Just log in as “admin” and you can do everything you want to do. If there are commands that you used to run but cannot run anymore: contact TAC!


1 thought on “Restricted Shell in HyperFlex 4.5”

  1. Thank you, I did not find this in the “Collecting Tech Support Files for Cisco Hyperflex” article while trying to collect the support bundle.
