NSX CLI Guide
Associated Commands:
| CLI Description | Command |
|---|---|
Resets configured password complexity requirements to defaultResets configured password complexity requirements to default. |
clear password-complexity
|
Disable password expiration for the userDisable password expiration for the user. |
clear user <node-username> password-expiration
|
Disable password expiration warning for the userDisable password expiration warning for the user. |
clear user <node-username> password-expiration-warning
|
Delete SSH service keys from authorized_keys file for specified userDelete any SSH key with specified label from specified user's authorized_keys file. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin. |
del user <username> ssh-keys label <key-label> [password <password>]
|
Get API account lockout periodGet the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts. |
get auth-policy api lockout-period
|
Get API account lockout reset periodIn order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero. |
get auth-policy api lockout-reset-period
|
Get API maximum authentication faliuresGet the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
get auth-policy api max-auth-failures
|
Get CLI account lockout periodGet the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. |
get auth-policy cli lockout-period
|
Get CLI maximum authentication faliuresGet the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
get auth-policy cli max-auth-failures
|
Get minimum allowable password lengthGet the minimum number of characters that passwords must have. |
get auth-policy minimum-password-length
|
Get configured password complexity requirementsGet configured password complexity requirements. |
get password-complexity
|
Get number of days od details user password expiration detailsGet number of days the user's password is valid after a password change and number of days before user receives password expiration warning message. |
get user <node-username> password-expiration
|
Get SSH keys from authorized_keys file for specified userGet SSH keys from authorized_keys file for specified user. |
get user <node-username> ssh-keys
|
Get user status for specified non-root userGet user status for specified non-root user. |
get user <node-username> status
|
Set API account lockout periodSets the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts. |
set auth-policy api lockout-period <lockout-period-arg>
|
Set API account lockout reset periodIn order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero. |
set auth-policy api lockout-reset-period <lockout-reset-period-arg>
|
Set API maximum authentication faliuresSet the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
set auth-policy api max-auth-failures <auth-failures-arg>
|
Set CLI account lockout periodSets the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
set auth-policy cli lockout-period <lockout-period-arg>
|
Set CLI maximum authentication faliuresSet the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
set auth-policy cli max-auth-failures <auth-failures-arg>
|
Set minimum allowable password lengthSet the minimum number of characters that passwords must have. The smallest value that can be set is 8. |
set auth-policy minimum-password-length <password-length-arg>
|
Set auth-policy vidm propertiesSet the vidm's properties. |
set auth-policy vidm hostname <hostname-or-ip-address> thumbprint <vidm-host-thumbprint-arg> client-id <vidm-client-id-arg> client-secret <vidm-client-secret-arg> node-hostname <hostname-or-ip-address>
|
Configure password complexity requirementsConfigure password complexity requirements. - Minimum number of characters expected in password; user can not set their password of length lesser than this parameter. Default: 12, Minimum: 8, Maximum: 128 - Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. Default: 128, Minimum: 8, Maximum: 128 - Number of lower case characters (a..z) expected in user password. N > 0, to set maximum credit for having lower case letters in the new password, i.e. this is the maximum number of lower case characaters that are allowed for a new password. N < 0, to set minimum credit for having lower case letters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of upper case characters (A..Z) expected in user password. N > 0, to set maximum credit for having upper case letters in the new password, i.e. this is the maximum number of upper case characters that are allowed for a new password. N < 0, to set minimum credit for having upper case letters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of digits (0..9) expected in user password. N > 0, to set maximum credit for having digits in the new password, i.e. this is the maximum number of digits that are allowed for a new password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of special characters (!@#$&*..) expected in user password. N > 0, to set maximum credit for having special letters in the new password, i.e. this is the maximum number of sepcial characters that are allowed for a new password. N < 0, to set minimum credit for having special letters in the new password, i.e. this is the minimum number of sepcial characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Reject passwords which contain more than N same consecutive characters. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Sets hash/cryptographic algorithm type for new passwords. Default: sha512. Enum: [ sha512, sha256 ] - Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. Default: 0, Minimum: 0 |
set password-complexity [<complexity-name> <complexity-value>]
|
Set number of days the user's password is valid after a password changeSet number of days the user's password is valid after a password change. |
set user <node-username> password-expiration <password-expiration-arg>
|
Set number of days prior user receives warning message before password expiresSet number of days prior user receives warning message before password expires. Set 0 to disable warning messages for password expiry. |
set user <node-username> password-expiration-warning <password-expiration-warn-arg>
|
Set new username for specified non-root userSet new user name for the specified non-root user. |
set user <node-username> username <new-node-username>
|
Set user passwordSet the password for the specified user. If you do not specify the password on the command line, you will be prompted for it. For details on setting passwords during installation, see the NSX-T Installation Guide. |
set user <username> password [<password> [old-password <old-password>]]
|
Add SSH service key to authorized_keys file for specified userAdd SSH service key to authorized_keys file for specified user. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin. |
set user <username> ssh-keys label <key-label> type <key-type> value <key-value> [password <password>]
|