Cryptographic Security Platform 1.1.0 - Installation and administration guide [PDF][Releases]

Modifies the settings of an operating system user.

clusterctl node modify -u <username> [-p=<password>] [-k <import-authorized-keys>] [-d] [-a <ssh-password-authentication>] [-e <enabled>]

For example:

$ clusterctl node user modify -u john -p='S!B\*d$zDsb=' -k ~/.ssh/authorized_keys

User john modified

Specifically:

You can only modify the initial sysadmin user, and users created with the clusterctl node user create command.
You must repeat the command on all the installation nodes.

See below for a description of each parameter.

-u, --username <username>

Modify the settings of the operating system user with the <username> name.

Exceptions: The command throws an exception when no operating system user with the <username> name exists on the node.

Mandatory: Yes.

-p, --password =<password>

Set <password> as the new user password.

Enclose the password in quotes to escape special characters (such as $, \, *, =, and !) with a backlash (\) as in the above example.

Exceptions: The command throws an exception when the password does not comply with the Password policy CIS benchmarks.

Mandatory: No.

When omitting the whole option, the password does not change
When using the option without indicating the <password> value, the command prompts for the new password. For example:

sudo clusterctl node user modify --username john -p

Password:

Re-enter password:

User test modified

-k, --import-authorized-keys <import-authorized-keys>

Replace the user's public key for SSH authentication with the key in the <import-authorized-keys> file path. For example:

~/.ssh/authorized_keys

Exceptions: The command throws an exception when:

The key file has an invalid format.
The mutually exclusive -d <delete-authorized-keys> option is also used.

Mandatory: No. When omitting this option, the user key is not replaced.

-d, --delete-authorized-keys

Delete the user's SSH authentication key and enable password SSH authentication.

Exceptions: The command throws an exception when using also the mutually exclusive -k <import-authorized-keys> option.

Mandatory: No. When omitting this option, the user key is not deleted.

-a , --ssh-password-authentication <ssh-password-authentication>

Set the supported SSH authentication methods.

<ssh-password-authentication>	Password	Key
yes	Supported	Supported, if configured.
no	Not supported	Supported, must be configured and cannot be deleted.

Exceptions: The command throws an exception when using also the mutually exclusive -d <delete-authorized-keys> option.

Mandatory: No.

-e, --enabled <enabled>

Set the user status.

<enable>	Status
yes	Enabled
no	Disabled: Cannot open shell sessions, either locally or via SSH, and cannot execute binaries.

Once disabled, you can still modify the user settings.

Exceptions: The command throws an exception when using this option alongside any other option. In other words, this option cannot be combined with others.

Mandatory: No.