Securing a unit with Non-Factory Username and Password
Leaving any device set with a factory Username and Password is a big security risk. The JNIOR comes with two factory Administrator accounts. The usernames jnior and admin both have administrative privileges.
It is recommended that the users be modified on the JNIORs to secure them. This is vital for units that are on the open network and have public access. Public access does not mean that they are supposed to be open to the public but rather that they are accessible from anywhere.
List the Users
To see the current users and their privileges, you will use the users command. This command will show you the usernames, their assigned user id and the privileges that they possess.
Change the password for the current user
The simplest change that you can make to secure your unit is to change the password of one of the factory administrator accounts. To do this you will log in to the one you want to change and use the passwd command. You will be prompted for the current password and then twice for the new password. The password requirement is very relaxed but you are encouraged to create a strong password.
Create a new user
We need to create a new administrator account so that we can disable the factory users. Using the useradd command with the -a option will create a new user with administrator privileges. You will be prompted for the new password twice. The password requirement is very relaxed but you are encouraged to create a strong password. After the user is created you can execute the users command again to see the results.
Disable the Admin account
To disable an account you will use the usermod command. This command modifies the privileges for the given user. To disable the admin account you will type usermod +d admin. Then you can execute the users command again to see the result.
Change the current user
After creating the new user you will want to switch to it so that modifications can be made to the user account that was logged in while the new user was created. You will do this by closing the command line connection. This will log you out from the current user. Then reconnect using the new user and the new credentials. You can see what the current user account is by using the whoami command. Next, you can then modify the privileges of the user that was used to create the new account.
Things to watch out for
You MUST have at least one admin account on the JNIOR. If you try to do so, you will simply be told that you cannot remove that user.
You also cannot remove admin privileges from the user that you are logged in as while performing that operation. If you try to do that you will be told that you cannot alter the current account.
What to do if the admin credentials are forgotten
If you lose the credentials then the only option is SAFE MODE. SAFE MODE will restore the default “jnior” username and password while in SAFE MODE. The accounts will not be altered after exiting SAFE MODE. The requires physical access to the JNIOR.
In order to access SAFE MODE a jumper must be inserted onto the pins accessible through the small opening between the Ethernet connector and the RS-232 Command Port. The unit is then rebooted or powered up. When the command line mode is subsequently accessed either through the serial connection or via the network, “SAFE MODE” will be indicated below the welcome banner. This is the only indication that the mode has been enabled.
The jumper must be removed and the unit must be rebooted in order to exit SAFE MODE.
Note that you may ‘borrow’ a jumper from the N.O./N.C. relay jumpers if you remove the unit’s cover. Do so only if disconnecting that relay will not adversely affect any system connected to it. Use a unused channel if available. Once you are done with SAFE MODE be sure to return the jumper to the original position. Jumpers placed close to the relay output connector are set for Normally Open (N.O.) operation (default).