Don Y
2024-04-12 17:40:20 UTC
APC UPSs have (or can have) a network management option.
Most usually, an add-in card with (at least) a NIC and
some services hosted by the UPS (web interface, sshd,
ftpd, etc.).
Most UPSs don't have a traditional UI. Often, a serial
console is available -- via a (trivial to make) special cable.
To get the interface card to a known state, there is a RESET
pinhole available. One would think holding the RESET for
some abnormal amount of time would force the card to
resume it's default settings -- IP, password, etc.
APC, however, have implemented a more bizarre scheme:
Press RESET.
Wait a few seconds for indicator on the card to rapidly flash
Press RESET, again.
Repeatedly strike ENTER on serial console until prompt appears.
Use default credentials to log in.
This must be accomplished in the first 30 seconds else the existing
settings (ALL of them, including username and password) remain as is.
[Keep in mind that for a racked UPS, you've got your head inside
the rack on the BACK side of the UPS to access the RESET pinhole.
And, the UPS is likely *low* in the rack making access challenging.
Presumably, a laptop sitting nearby to act as the serial console]
I do not see the rationale for this. The person has physical
access to the UPS *and* the power cords for the devices that
it protects (and powers, even when mains power is available
THROUGH the UPS!).
The person is free to alter the persistent settings for any of
these parameters after this ritual is performed.
So, what is the silly 30 second timeout achieving? Is it there
to protect against someone ACCIDENTALLY pressing RESET? Is it
there to ensure the existing password can remain intact even if the
user successfully accesses the console and opts not to change the
existing password?
This seems unduly complicated vs. simply "Press RESET for 10 seconds
to reset credentials (and IP?)"
I'm looking at other (UPS) manufacturers' products to see if they are
similarly convoluted for some reason...
Most usually, an add-in card with (at least) a NIC and
some services hosted by the UPS (web interface, sshd,
ftpd, etc.).
Most UPSs don't have a traditional UI. Often, a serial
console is available -- via a (trivial to make) special cable.
To get the interface card to a known state, there is a RESET
pinhole available. One would think holding the RESET for
some abnormal amount of time would force the card to
resume it's default settings -- IP, password, etc.
APC, however, have implemented a more bizarre scheme:
Press RESET.
Wait a few seconds for indicator on the card to rapidly flash
Press RESET, again.
Repeatedly strike ENTER on serial console until prompt appears.
Use default credentials to log in.
This must be accomplished in the first 30 seconds else the existing
settings (ALL of them, including username and password) remain as is.
[Keep in mind that for a racked UPS, you've got your head inside
the rack on the BACK side of the UPS to access the RESET pinhole.
And, the UPS is likely *low* in the rack making access challenging.
Presumably, a laptop sitting nearby to act as the serial console]
I do not see the rationale for this. The person has physical
access to the UPS *and* the power cords for the devices that
it protects (and powers, even when mains power is available
THROUGH the UPS!).
The person is free to alter the persistent settings for any of
these parameters after this ritual is performed.
So, what is the silly 30 second timeout achieving? Is it there
to protect against someone ACCIDENTALLY pressing RESET? Is it
there to ensure the existing password can remain intact even if the
user successfully accesses the console and opts not to change the
existing password?
This seems unduly complicated vs. simply "Press RESET for 10 seconds
to reset credentials (and IP?)"
I'm looking at other (UPS) manufacturers' products to see if they are
similarly convoluted for some reason...