HyperFlex

Restricted Shell in HyperFlex 4.5

It was already impossible to login with root in HyperFlex Connect, but you still could login with SSH or locally with a root account. In HXDP 4.5 there is the Restricted Shell or Admin Shell.

What is the Restricted Shell?

In the restricted shell there is a limited number of commands that you can perform. Just SSH to the HyperFlex Cluster IP Address and login with “admin” and the password.

To see what commands are available for you, type ? or help

List of commands available in the Restricted Shell.

There are a lot of commands and the important command that you still can execute are:

  • hx_post_install
  • hypercheck
  • install_vc_plugin
  • hxcli
  • stcli

In the next picture you see that ping normally is working and when the command fping tried to be executed, there is a warning. fping is not on the list of the Restricted Shell. If you do more than 5 forbidden commands, the session will be closed.

There is also an “priv” command. With priv you can do a bit more commands.

Here you can see all the commands there are when you start with priv.

In this case, fping is still available, only you will have to start it with:

priv fping <ip address>

If you want to have root access and execute su you will see a warning. When you accept this, there is a menu where you can Generate a Challenge and put an Accept Response in place.

The Accept Response can only be created by TAC and only when they need root access, they will generate it.

What if I can hack the Admin Shell?

If you have too much sparetime in the weekends and you want to have Root access without anybodys permission, you will get stuck when you’re trying to upgrade the system in the future.

Just login in as “admin” and you can do everything you want to do and if there are commands that you used to run, but you cannot do this anymore: Contact TAC!.

Here are some other HyperFlex Posts:

  • Restricted Shell in HyperFlex 4.5
    It was already impossible to login with root in HyperFlex Connect, but you still could login with SSH or locally with a root account. In HXDP 4.5 there is the Restricted Shell or Admin Shell.
  • iSCSI Support in HyperFlex 4.5
    The latest HyperFlex Data Platform 4.5 can be found at: cisco.com/go/software and one of the new feature is iSCSI. With iSCSI you can have raw block storage device to your server over the network. I’ve
  • Boost your HyperFlex 4.0+
    HyperFlex is a fast hyperconverged solution with Hybrid, All Flash and even All NVMe solutions. It is possible to get even more performance out of your HyperFlex cluster with the HyperFlex Boost Mode. Official documentation
  • iSCSI in a Nutshell
    In the blog of Vijay and in the podcast of Ronnie Chan a new feature of HyperFlex is mentioned: iSCSI. In this blog I will describe what iSCSI is. I already made a blog about

Leave a Comment