Method for setting a permanently available password for the administrator of the USG2000&5000 series

2

For the USG2000&5000 series, the following example is provided for you to set the validity period of the administrator login password:
# Set the password validity period for the administrator test to 80 days.
system-view
[sysname] aaa
[sysname-aaa] local-user test password valid-days 80
For the USG6000 series, the following example is provided for you to set the validity period of the administrator login password:
# Set the password validity period for the administrator test to 80 days.
system-view
[sysname] aaa
[sysname-aaa] manager-user test
[sysname--manager-user-test] password valid-days 80
If valid-days is set to 0, the password never expires.
For more command details, see the product documentation.

Other related questions:
Method for setting a permanently available password for the administrator of the USG6000 series
For the USG6000 series, the following example is provided for you to set the validity period of the administrator login password: # Set the password validity period for the administrator test to 80 days. system-view [sysname] aaa [sysname-aaa] manager-user test [sysname--manager-user-test] password valid-days 80 For the USG2000&5000 series, the following example is provided for you to set the validity period of the administrator login password: # Set the password validity period for the administrator test to 80 days. system-view [sysname] aaa [sysname-aaa] local-user test password valid-days 80 If valid-days is set to 0, the password never expires. For more command details, see the product documentation.

Method for changing the password of the current administrator for the USG2000&5000 series
The following example is provided for you to change your login password as an administrator after logging in to the firewall: # Change your password after login. current-user password-modify Please input the old password:********* Please input the new password:********* Please confirm the new password:*********

Administrator user name and password change for the USG2000&5000 series
For firewalls, once an administrator account is created, the user name cannot be changed. You can change the administrator password on the web UI: 1. Choose System > Administrators > Administrators. 2. Click the Edit icon on the line of the administrator and change the password in the displayed dialog box. In addition, you can run the current-user password-modify command to change the password of the current administrator.

Modifying the administrator password complexity on the USG2000&5000
The password complexity requirement of the USG2000&5000 cannot be modified. After the password policy is enabled, only passwords that meet the password complexity requirement can be successfully configured. Enable or disable the password policy as follows: - On the web UI, choose System > Admin > Administrators, select or deselect Password Policy, and click Apply. - An example of enabling or disabling the password policy through the CLI is as follows: # Enable the password policy. system-view [sysname]aaa [sysname-aaa]password-policy mandatory enable # Disable the password policy. system-view [sysname]aaa [sysname-aaa]undo password-policy mandatory enable By default, the password policy is enabled. After you disable the function, passwords that do not meet complexity requirements can be configured. However, these passwords bring about security risks and you are advised not to disable this function.

Setting the SSH password on the USG2000&5000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication. 1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH. 2. Configure connection number limit on the VTY administrator interface. 3. Set the administrator account and password for login through SSH. system-view [sysname] ssh user admin1 [sysname] ssh user admin1 authentication-type password [sysname] aaa [sysname-aaa] local-user admin1 password cipher ********* [sysname-aaa] local-user admin1 service-type ssh [sysname-aaa] local-user admin1 level 3 [sysname-aaa] local-user admin1 access-limit 1 4. Enable the STelnet service on the device. 5. Set the client service mode of the SSH account to STelnet.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top