Control your user password
This function allows you to create or rotate user passwords remotely through automation. This is very important to replace standard passwords and is also very convenient if existing passwords might have become exposed or if service technicians leave the company.
In the password configuration pane under "security" in the "Configuration management" menu you can set your different user passwords. This can be done on a device level or group level for multiple devices. Prevent standard user passwords from being deployed in your production environment. Change passwords if service technicians leave to prevent security weaknesses. All this is centrally controlled through the qbee.io backend.
User passwords need to be inserted as a hash
qbee expects the user password as hashes, not clear text passwords. See below how to create these hashes.
Please note that the passwords need to be inserted as a hash, not a clear text password. This increases security and we do not want to save any clear text passwords on the qbee platform. Depending on what hash you create the password will be set accordingly. We recommend that you use SHA-512 or stronger and not MD-5. Even if you do not know the previous password qbee will overwrite and create a new password. All of this is logged in the audit log.
If a new user is created and receives a new password this takes two qbee agent runs.
If a new user is added and the user is assigned a password during the same commit it takes two runs of the qbee agent to converge and set the password. Here you will find the user management.
How to create sha-512 password hashes?
Please refer to your Linux distribution how to create password hashes. On many system this will produce a SHA-512 hash:
mkpasswd -m sha-512 -s
If you do not have mkpasswd installed you can also use this Python3 one liner to create a valid SHA-512 hashed password. This will also work on a Raspberry Pi. The RPI does not have mkpasswd installed as default, but Python3 is available:
python3 -c "import crypt;print(crypt.crypt(input('clear-text pw: '), crypt.mksalt(crypt.METHOD_SHA512)))"