Creating A One-Time Password; Logging In With A One-Time Password; Deleting A One-Time Password - GE MDS Master Station Technical Manual

out to quickly gain entry when your primary key is lost. If you don't make a spare, you are al-
ways at risk of locking yourself out.
A one-time recovery password is different from the one used to log into the unit on a routine ba-
sis. It is only for use when the primary password is lost or forgotten. When a one-time password
is used to log in, that password is automatically revoked from the list of passwords created. (You
may create up to five one-time passwords at one time, and more can be created if some get used).
Once used, a password cannot be used again for log-in to the unit (hence the name "one-time"
password)

Creating a One-Time Password

To create a one-time recovery password via the console, enter the following command, where
<selected function> is either "factory-reset" or "login"
> request system recovery one-time-passwords create function selected function
A one-time password is automatically generated and displayed on the screen. Copy this
password and save it in the desired location on your PC. There is no way to ever view it
again from the command line console, so be sure it is properly saved.
To create additional one-time passwords (up to a total of five), repeat the step above.

Logging in With a One-Time Password

Logging in with a one-time password can only be performed from the local serial or USB con-
sole. Note the local serial cannot be used if configured as a payload or diagnostic interfaces. You
also cannot use a one-time password when connecting to the unit remotely. Therefore, in some
configurations, the USB console is the only option.
To use the one-time password for log-in, proceed as follows:
At the
•
username
At the
•
password
one-time-password forces the unit to perform the "function" which was previously defined
when the password was created:
—The unit resets its entire configuration to factory defaults
•
factory-reset
—The unit allows logging in with "admin" privileges
•
login
Special case: If someone has disabled console access on the
be present on that console, but only one-time-passwords will be accepted. This is done to provide
a way to recover the unit in the case where the
accessed via TCP (for example; SSH).

Deleting a One-Time Password

As noted earlier, a one-time password is automatically revoked when it is used for log-in. A re-
voked password may be replaced, but it must first be removed from the list so a new one can be
generated. Any of the five stored passwords may be removed on demand. As long as there is a
free slot, an additional password can be created, up to the maximum number of five. Logs are
generated when the user creates, deletes, or logs in with a one-time-password. To remove an ex-
isting password from the list, proceed as follows:
MDS 05-6399A01, Rev. E
prompt, enter the word
prompt, paste in the one-time-password saved earlier on your PC. Using a
MDS™ Master Station
.
recovery
port, the login prompt will still
USB
port has been disabled and the unit cannot be
USB
31