Admin user locked out on the conduit.

[Ajay K]

Is there any way to get around the admin user being locked out and change the login password, without doing a complete reset or bringing it back to factory state? We haven’t changed the password for the admin account and has been working for this long and all of a sudden we have been logged out.

Thanks,
Ajay

[Ajay K]

Just also wanted a clarification regarding this setting on the access configuration tab under administration. I have the brute force protection enabled. so based on the comments below in the help file, it says “This feature tracks login attempts at the RESTFUL API level”. What does that exactly mean? Login into the node-red or the admin screen?

Brute Force Protection:

This feature tracks login attempts at the RESTFUL API level. Its purpose is to prevent Dictionary attacks that attempt to brute force the user’s password.

Thanks,
Ajay.

[Jeff Hatch]

Ajay,

If the login brute force protection is enabled, the default failed attempts that trigger lockout is three. If the user fails three times they will be locked out for the lockout time which defaults to five minutes.

The Node-RED authentication uses the REST API to authenticate the admin user, so this can also trigger the Brute Force Protection if it is enabled.

Have you been able to log in successfully since the “Lock out” behavior started?

Jeff

[Ajay K]

Hi Jeff,

Thanks for taking the time to respond. Last night around 11pm I was able to get in, until then it I was totally blocked from logging in. I was wondering would this happen, if there is a lot of data flowing because of inbound and outbound https requests via node-red? I just couldn’t either SSH into it remotely or login via the admin screen either. The reason I ask that is because the data flow slows down after 7-8pm and does that have an impact on the login?

Also I use the internal multitech rest api to query the PPP status every 10 minutes to see if the Cellular connection is up and running? Would this effect it in anyway?

Thanks,
Ajay

[Jeff Hatch]

Ajay,

A couple of things that might be going on is if you are using HTTPS in the Node-RED traffic, and a lot of LoRa is going on, there is a possibility the CPU is getting maxed out. One way to see if this is the case would be to be connected in via SSH before the “busy” period starts and run the “top” command. Watching the output of top during the period while you can’t log in should tell you the state of the CPU consumption and the memory. It is quite possible things are thrashing.

I don’t think that the PPP REST requests to the API are the cause. The only thing that might be disruptive that I can think of is that is running radio commands that could cause a blip in the processing of anything else. Are you by chance using the SMS node in Node-RED?

Jeff

[Ajay K]

Thanks Jeff, for the suggestions. Last night I did run the top command and it seems like the node-red fluctuates between 35-56% CPU and this morning too it was around the same. Also I am not using the SMS node. I am guessing that node can cause issues? We are planning to use the SMS node only in critical errors that needs someones attention to handle any issues wrt to the conduit/gateway, but so far we haven’t used it.

Also is there a better way to determine if the cellular connection is up and running, instead of using the PPP rest api? Sometimes I have noticed that the PPP api will return that the PPP link is up, but all my http calls would fail.

Thanks,
Ajay.

[Jeff Hatch]

As far as the SMS node, I don’t think that will cause memory/CPU issues, but it does use http to our API that in turn is using utility programs to get SMS data from the radio. Again, I don’t think that will cause problems, but what might is using any node code, Node-RED included, that does HTTPS. for some reason that seems to be a real resource hog. The original person who wrote the SMS node was using HTTPS to localhost for the API calls and that was causing resource issues when there was a lot of SMS going on.

For the PPP monitoring, are you making the API calls remotely or are you doing them locally on the Conduit?

Jeff

[Ajay K]

Thanks Jeff for the information regarding the SMS node. I am making a http rest api call using the HttpRequest node from the node-red flow and then based on the resulting json returned, i figure out if the PPP link is up or not.

Thanks,
Ajay.

[Author]

Posts