I have a conductor that is working fine. Its "admin" and "t128" user passwords were changed to non-default high-quality passwords during the build, as you would expect.
I noticed that after onboarding several SSRs with the conductor successfully, their admin and t128 users remain in place and the passwords have not been changed to match the non-default high-quality passwords I set during the conductor build.
Process:
1) Build conductor in AWS, currently 5.5.4 (the latest when I built from AWS Marketplace)
2) Change "admin" and "t128" user passwords during build
3) Configure an SSR and grab its quickstart
4) Onboard it using OTP + quickstart method
5) The SSR joins, but if I go to its console via remote terminal, the passwords remain unchanged from the well-known default.
Concerns/Questions:
1) These SSRs will be deployed to customer sites; even if you can't SSH to them (which I haven't tested exhaustively), a malicious user could get on the console via the serial console port
2) If I want to change these passwords, the only way I currently know is to drop to the remote terminal, then su t128, sudo su, and passwd, which is not a scalable solution. Is there a better way?
Thanks!
------------------------------
Chris Tomkins
------------------------------