Admin Password

Discussion in 'LiquidFiles General' started by Eminent, Feb 6, 2019.

  1. Eminent

    Eminent New Member

    Joined: Feb 6, 2019
    Messages: 6
    Likes Received: 0
    Hi,

    I just inherited LiquidFiles hosted on AWS EC2 but I don't have any of the admin accounts. I cannot ssh into it and I cannot log into the web portal as admin - I can only do it as a regular user. Can someone show me how to reset the admin or root password if the VM is hosted on AWS? I saw instructions for mounting the bootable ISO image but I don't think I can do that on AWS.

    Thanks,
    Eminent
     
  2. David

    David Administrator
    Staff Member

    Joined: Dec 1, 2015
    Messages: 781
    Likes Received: 31
    To reset the sysadmin account for the web GUI you will first need to connect to the root shell of the LF instance.
    You will need to use the ssh key that was generated for or assigned to this LF instance at the time it was created in your AWS console. On LF instances the ssh service listens on TCP port 222.

    1) So a login example may look like this:

    ssh -i "/path/to/your/key/lfec2.pem" liquidfiles@lf.domain.com -p222

    2) When you are logged in as the "liquidfiles" user on the LF server, type "sudo bash" to gain the root console and full privileges.

    3) Finally, as root, you can reset the 1st sysadmin account by typing "ft reset_admin", or add a new sysadmin account by typing "ft add_admin".
     
  3. Eminent

    Eminent New Member

    Hi David,

    Thank you so much for the step-by-step. I will try that tonight and let you know how it goes.

    Em
     
  4. Eminent

    Eminent New Member

    Hi David,

    Sorry it took so long to get back, I have been searching for the private key (pem). I'm not sure if I found the right one or not, but when I try to connect via port 222, it kept timing out. However, if I try connecting using port 22, it will connect but it'll give a message saying "warning: unprotected private key file! permissions for .pem are too open. this private key will be ignored." and then it'll ask for a password in order to log in. Is it possible to generate a new private key from AWS?

    Thanks!
    Em
     
  5. David

    David Administrator
    Staff Member

    The SFTP service is listening on port tcp/22, and it refused to log you in with the EC2 key for ssh.
    If port tcp/222 is unresponsive, I think the rule is missing in the Security Group.
    You will first need to check the inbound Security Group in the instance's properties and add the missing rule for port tcp/222, and then try the ssh login again.
    Replacing the EC2 key with a new one is not a straightforward procedure. You would need to create a new instance with a new key and attach the current LF drive to it.
     
  6. Eminent

    Eminent New Member

    So I've created an inbound rule to allow my IP to connect using port 222 and I instantly get "connection refused." Does that mean the EC2 key is wrong?
     
  7. Eminent

    Eminent New Member

    Can I use the snapshot to restore it to a previous time so that I can try the old admin password?
     
  8. Eminent

    Eminent New Member

    David,

    Thank you for your help. I was able to restore to a previous snapshot and use one of the old passwords to log in as admin. I'm able to use the web admin interface now.

    Best,
    Em
     
  9. David

    David Administrator
    Staff Member

    The "Connection refused" message can be displayed when the real source IP address that the EC2 instance sees you coming from is not allowed.
    Did you try to temporarily permit access to ssh from all networks? More debug logs will be listed when you add the -vvv attribute to the ssh command.

    If you have the snapshot and nothing else worked, then that is also a workaround. One problem is that you have probably lost the messages received between the time the snapshot was created and now.
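
The failure modes worked through in this thread (timeout on tcp/222, the key-permissions warning, "connection refused"), as an added shell example that is not part of the original posts. The function names and the script name ssh_triage.sh are assumptions; the user, host and port are the ones from David's login example.

```shell
#!/bin/sh
# Added example (not from the thread): triage for the SSH failures discussed above.

# key_mode_ok FILE: 0 if the key has no group/other permission bits, 1 if it
# does (OpenSSH then ignores the key), 2 if the file cannot be read.
key_mode_ok() {
    perms=$(ls -ldL -- "$1" 2>/dev/null) || return 2
    [ "$(printf '%s' "$perms" | cut -c5-10)" = "------" ]
}

# classify_ssh_failure TEXT: map ssh client output to one failure category.
# The key warning is tested first because a later auth failure follows from it.
classify_ssh_failure() {
    lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lc" in
        *"unprotected private key file"*|*"too open"*) echo key_permissions ;;
        *"timed out"*)          echo timeout ;;
        *"connection refused"*) echo refused ;;
        *"permission denied"*)  echo auth_rejected ;;
        *)                      echo unknown ;;
    esac
}

# next_step CATEGORY: what to check next.
next_step() {
    case "$1" in
        key_permissions) echo "chmod 600 the .pem file so only its owner can read it, then retry" ;;
        timeout)         echo "no reply on the port: check the inbound Security Group rule for tcp/222" ;;
        refused)         echo "connection was rejected: confirm port 222 and the source IP you arrive from" ;;
        auth_rejected)   echo "key not accepted: confirm it is the key assigned to the instance and the user is liquidfiles" ;;
        *)               echo "unrecognized failure: read the ssh -vvv output" ;;
    esac
}

# Run directly as: sh ssh_triage.sh /path/to/key.pem lf.domain.com
if [ "$#" -eq 2 ]; then
    key_mode_ok "$1" || echo "key file $1 is missing or readable by group/others"
    if out=$(ssh -vvv -o BatchMode=yes -o ConnectTimeout=10 -i "$1" -p 222 "liquidfiles@$2" true 2>&1); then
        echo "login works"
    else
        next_step "$(classify_ssh_failure "$out")"
    fi
fi
```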
     
