How to add new user into CVM?

Hi @rajkumar.miriyala 

You shall not create new users on the CVM, please check de Non configurable AHV Components https://portal.nutanix.com/page/documents/details?targetId=AHV-Admin-Guide-v6_5:ahv-nonconfigurable-components-r.html

Hope this helps

Regards!

SSH to a CVM is done via the nutanix or admin user, not via others user accounts.

You can, however, use cluster lockdown to create specific certificates for specific users who need access to the console if you dont want to give the passwords or want to secure ssh access more.

Hi @bcaballero @JeroenTielen ,

Thanks for your quick response, we would like to manage the passwords with CyberArk, so they are asking us to provide another account for the reconciliation task. 

Thanks,

Rajkumar

It is not supported to create any additional users on the CVMs or AHV hosts. 

Technically, it is possible to use traditional Linux tools (useradd) to create a user, but such user will be quite useless, because most of the Nutanix services and internal tools are bound to nutanix/admin users. Moreover, if you create any user on a CVM, that user will be deleted by the upgrade process next time you upgrade the AOS.

Thanks everyone for your response, I will update the same to the customer.

Regards,

Rajkumar

Hello Rajkumar,

I hope you're well.

I too am working with a customer who uses CyberArk and we've had this discussion too!

In the end we agreed to use cluster lockdown and a managed ssh key (private held only within CyberArk) that is brokered on the user requesting behalf. We did raise this with Nutanix and CyberArk too so it will be on their radar.

It's not great and it is something I feel Nutanix could improve upon but it should be quite rare for BAU teams to need to log in via SSH unless investigating a problem.

Prism Pro is plenty helpful for most BAU tasks.

Take care,

Kim

All the services are running under nutanix / admin users , creating any other user is useless.