Accessing the Nortel SNAS cluster 381network while configuring or collecting information from the Nortel SNASis encrypted. For information about different user accounts and defaultpasswords, see “Accessing the Nortel SNAS cluster” (page 381).During the initial setup of the Nortel SNAS device or cluster, youare provided with the choice to generate new SSH host keys. Nortelrecommends that you do so, in order to maintain a high level of securitywhen connecting to the Nortel SNAS using an SSH client. If you fear thatyour SSH host keys have been compromised, you can create new hostkeys at any time by using the /cfg/sys/adm/sshkeys/generatecommand. When reconnecting to the Nortel SNAS after generating newhost keys, your SSH client will display a warning that the host identification(or host keys) has changed.Accessing the Nortel SNAS clusterTo enable better Nortel SNAS management and user accountability, thereare five categories of users who can access the Nortel SNAS cluster:• The Operator is granted read access only to the menus andinformation appropriate to this user access level. The Operator cannotmake any changes to the configuration.• The Administrator can make any changes to the Nortel SNASconfiguration. Thus, the Administrator has read and write access to allmenus, information, and configuration commands in the Nortel SNASsoftware.• A Certificate Administrator is a member of the certadmin group.A Certificate Administrator has sufficient user rights to managecertificates and private keys. By default, only the Administrator useris a member of the certadmin group. To separate the CertificateAdministrator user role from the Administrator user role, theAdministrator user can add a new user account to the system, assignthe new user to the certadmin group, and then remove himself orherself from the certadmin group. For more information, see “Adding anew user” (page 218).• The Boot user can perform a reinstallation only. For security reasons,it is only possible to log on as the Boot user through the console portusing terminal emulation software. The default Boot user passwordis ForgetMe. The Boot user password cannot be changed from thedefault.• The Root user is granted full access to the underlying Linux operatingsystem. For security reasons, it is only possible to log on as the Rootuser through the console port using terminal emulation software.Reserve Root user access for advanced troubleshooting purposes,under guidance from Nortel customer support.For more information, see “How to get help” (page 21).Nortel Secure Network Access SwitchUsing the Command Line InterfaceNN47230-100 03.01 Standard28 July 2008Copyright © 2007, 2008 Nortel Networks.