User's Manual

MDS 05-6399A01, Rev. D MDS Master Station 33
that password is automatically revoked from the list of passwords created. (You may create up to five
one-time passwords at one time, and more can be created if some get used.) Once used, a password
cannot be used again for log-in to the unit (hence the name “one-time” password).
Creating a One-Time Password
To create a one-time recovery password via the console, enter the following command, where <selected
function> is either “factory-reset” or “login”:
request system recovery one-time-passwords create function <selected function>
NOTE: A one-time password is automatically generated and displayed on the screen. Copy this
password and save it in the desired location on your PC. There is no way to ever view it again from
the command line console, so be sure it is properly saved.
To create additional one-time passwords (up to a total of five), repeat the step above.
Logging in With a One-Time Password
Logging in with a one-time password can only be performed from the local serial or USB console. Note
that the local serial console cannot be used if it is configured as a payload or diagnostic interface. You
also cannot use a one-time password when connecting to the unit remotely. Therefore, in some
configurations, the USB console is the only option.
To use the one-time password for log-in, proceed as follows:
1. At the username prompt, enter the word recovery.
2. At the password prompt, paste in the one-time-password saved earlier on your PC. Using a
   one-time-password forces the unit to perform the “function” which was previously defined when
   the password was created:
   factory-reset—The unit resets its entire configuration to factory defaults.
   login—The unit allows logging in with “admin” privileges.
Special case: If someone has disabled console access on the USB port, the login prompt will still be
present on that console, but only one-time-passwords will be accepted. This is done to provide a way to
recover the unit in the case where the USB port has been disabled and the unit cannot be accessed via TCP
(for example, SSH).
Deleting a One-Time Password
As noted earlier, a one-time password is automatically revoked when it is used for log-in. A revoked
password may be replaced, but it must first be removed from the list so a new one can be generated. Any
of the five stored passwords may be removed on demand. As long as there is a free slot, an additional
password can be created, up to the maximum number of five. Logs are generated when the user creates,
deletes or logs in with a one-time-password. To remove an existing password from the list, proceed as
follows:
Enter the command
request system recovery one-time-passwords delete identifier <X>
where <X> is a number from the currently available one-time passwords. This identifier is not reused.
If all five passwords have been created, then ID 1 can be deleted, and the next created password will
be at ID 6.
The current list of passwords may be viewed by issuing the command
show system recovery one-time-passwords
The following is an example output from that command. On the unit shown, only two
passwords have been stored.
Password 1 or 2 can be deleted from this list.
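
The slot and identifier rules described in this section, modeled as an added Python example (this is not code from the unit or from this manual). The class and method names, the console labels "serial" and "usb", and the random-token generation are assumptions made for illustration; the manual does not describe how the unit generates or stores its passwords.

```python
import hmac
import secrets

MAX_SLOTS = 5                                # manual: at most five stored passwords
FUNCTIONS = {"factory-reset", "login"}       # the two functions named in the manual


class RecoveryPasswords:
    """Hypothetical model of the one-time-password list (not device code)."""

    def __init__(self):
        self._next_id = 1                    # identifiers only count up, never reused
        self._slots = {}                     # id -> [function, secret, used]

    def create(self, function):
        if function not in FUNCTIONS:
            raise ValueError("function must be factory-reset or login")
        if len(self._slots) >= MAX_SLOTS:
            raise RuntimeError("no free slot: delete an entry first")
        ident, self._next_id = self._next_id, self._next_id + 1
        secret = secrets.token_urlsafe(16)   # assumption: random token
        self._slots[ident] = [function, secret, False]
        return ident, secret                 # shown once; the caller must save it

    def delete(self, ident):
        del self._slots[ident]               # frees the slot, used or not

    def login(self, username, password, console):
        # Manual: accepted only on the local serial or USB console,
        # with the username "recovery".
        if console not in ("serial", "usb") or username != "recovery":
            return None
        for entry in self._slots.values():
            function, secret, used = entry
            if not used and hmac.compare_digest(secret.encode(), password.encode()):
                entry[2] = True              # revoked, but still occupies its slot
                return function              # the unit performs the bound function
        return None
```

A used password keeps its slot until it is deleted, which is why a full list must have an entry removed before a replacement can be created.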