An admin user can escalate their privileges for root access.
The following are guidelines for escalating privileges:
- Only an admin user can escalate privileges to root.
- Bash must be enabled before escalating privileges.
- Escalation to root is password protected.
- SSH to the switch using root username through a non-management interface will default to Linux Bash shell-type access for the root user. Type vsh to return to NX-OS shell access.
NX-OS network administrator users must escalate to root to pass configuration commands to the NX-OS VSH if:
Run sudo su 'vsh -c "<configuration commands>"' or sudo bash -c 'vsh -c "<configuration commands>"'.
The example below demonstrates network administrator user MyUser, whose default shell type is Bash, using sudo to pass configuration commands to the NX-OS:
ssh -l MyUser 1.2.3.4
-bash-4.2$ sudo vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interface eth1/2 brief"
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/2 -- eth routed down Administratively down auto(D) --
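When the command list for sudo vsh -c is assembled by a script instead of typed, each command should be checked before it reaches a root-level shell. The helper below is an added example, not part of the original Cisco documentation; the names nxos_join_cmds, nxos_run and NXOS_DRY_RUN are hypothetical, and the character allow-list is an assumption that deliberately excludes NX-OS output filters such as "|".

```shell
#!/bin/sh
# Added example (not Cisco's code). Helper names and NXOS_DRY_RUN are hypothetical.

# Print the given commands joined with " ; ", the separator used in the
# vsh -c examples on this page. Returns 1 if any command is empty or
# contains a character outside the allow-list (assumed here: letters,
# digits, space and / . _ : , -). That rejects ";", quotes, "$", backticks
# and newlines, so one argument can never turn into several commands or
# be expanded by a shell on its way to vsh.
nxos_join_cmds() {
    joined=""
    for cmd in "$@"; do
        case "$cmd" in
            "")
                echo "rejected: empty command" >&2; return 1 ;;
            *[!A-Za-z0-9\ /._:,-]*)
                echo "rejected: unexpected character in: $cmd" >&2; return 1 ;;
        esac
        if [ -z "$joined" ]; then
            joined="$cmd"
        else
            joined="$joined ; $cmd"
        fi
    done
    [ -n "$joined" ] || { echo "rejected: no commands" >&2; return 1; }
    printf '%s\n' "$joined"
}

# Pass the validated list to vsh as root. With NXOS_DRY_RUN=1 the command
# line is only printed, so a change can be reviewed before it is applied.
nxos_run() {
    list=$(nxos_join_cmds "$@") || return 1
    if [ "${NXOS_DRY_RUN:-0}" = "1" ]; then
        printf 'sudo vsh -c "%s"\n' "$list"
    else
        sudo vsh -c "$list"
    fi
}

# Dry-run demonstration with the commands from the example above.
( NXOS_DRY_RUN=1; nxos_run "configure terminal" "interface eth1/2" "shutdown" )
```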
The example below demonstrates network administrator user MyUser, whose default shell type is Bash, entering the NX-OS and then running Bash on the NX-OS:
ssh -l MyUser 1.2.3.4
-bash-4.2$ vsh -h
Cisco NX-OS Software
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
Nexus 3600 software ("Nexus 3600 Software") and related documentation,
files or other reference materials ("Documentation") are
the proprietary property and confidential information of Cisco
Systems, Inc. ("Cisco") and are protected, without limitation,
pursuant to United States and International copyright and trademark
laws in the applicable jurisdiction which provide civil and criminal
penalties for copying or distribution without Cisco's authorization.
Any use or disclosure, in whole or in part, of the Nexus 3600 Software
or Documentation to any third party for any purposes is expressly
prohibited except as otherwise authorized by Cisco in writing.
The copyrights to certain works contained herein are owned by other
third parties and are used and distributed under license. Some parts
of this software may be covered under the GNU Public License or the
GNU Lesser General Public License. A copy of each such license is
available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
***************************************************************************
* Nexus 3600 is strictly limited to use for evaluation, demonstration *
* and NX-OS education. Any use or disclosure, in whole or in part of *
* the Nexus 3600 Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
***************************************************************************
switch# run bash
bash-4.2$ vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interface eth1/2 brief"
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/2 -- eth routed down Administratively down auto(D) --
The following example shows how to escalate privileges to root and how to verify the escalation:
switch# run bash
bash-4.2$ sudo su root
bash-4.2# whoami
root
bash-4.2# exit
exit