
Admin password with 2FA not synced in HA

For the second time now we face an issue where we cannot log in to XG with SSH, either as admin or with the SSH keys we entered in WebAdmin.

XG430 (SFOS 19.0.1 MR-1-Build365)

This was first noticed when we upgraded from 18.5.4 to the current version. There was a case 05903832 and of course the cause could not be identified by support. Instead they wanted us to recreate the issue with firmware downgrade, backup restore and so on.

The issue is that the HA Aux node has different SSH settings than the primary node.

Today the HA did a failover to the AUX node.

Now on the AUX we cannot log in with admin and the SSH keys entered in WebAdmin are not shown.

We switched over to the other node and have the same situation there. Admin cannot log in to SSH and our SSH keys are gone.

All other things replicate fine.

What's the issue here with SSH? How can we ensure everything is synced? Known issue?



  • As advised by support, I reset the password with serial cable now on both machines. On the serial connection I could log in with admin / admin then. I logged on to the Web GUI with admin admin+2FA and was forced to set a new secure password.

    At first I just entered admin as old password and a new password.

    Then the wizard told me it didn't work - I need 2FA for the old password.

    So I did the same again with admin+2FA.

    The same error message appeared again and again. Need 2FA for old password, and it did not proceed.

    In my mailbox I found mails about bad logins and that the IP I tried with had finally been banned due to too many logins.

    Then I logged in to the Web GUI with another admin user and found that the admin password has been changed on the Web GUI. But why? I always got error messages when I tried to change the password as the admin user.

    And yes, after some time, when my IP had been unblocked, I could log in as admin with the new password +2FA.
