Hi, does anyone have a Huawei Switch/Router custom platform for Password Safe to share with us?
Page 1 / 1
I hope this helps. not really tested.
Steps to Create a Custom Platform for Huawei Devices
1. Access the Custom Platforms Page
- In the BeyondInsight Console, go to:
Configuration > Privileged Access Management > Custom Platforms - Click Create New Custom Platform or Clone an existing one (e.g., Cisco or Linux) to modify.
2. Configure the Options Tab
- Platform Name: Give it a unique name (e.g.,
Huawei SSH Router). - Protocol: Choose SSH or Telnet, depending on how your Huawei device is accessed.
- Port: Default is
22for SSH or23for Telnet. - Prompt Regex: Define the shell prompt regex (e.g.,
>or#depending on Huawei CLI). - Config Prompt / Elevated Prompt Regex: Useful for devices with multiple modes (e.g., user vs. system view).
- End of Line: Usually
\r(carriage return). - Password Command: The CLI command used to change passwords (e.g.,
set passwordoruser-interface vtycommands). - Exit Command: Typically
quitorexit.
3. Define Steps for Password Change
- On the Steps tab, define:
- Expect statements: What the device sends back (e.g., login prompts, confirmation messages).
- Response statements: What Password Safe should send (e.g., username, password, CLI commands).
- Use template variables like
<<MANACCTNAME>>and<<NEWPASSWORD>>to dynamically insert credentials.
4. Check/Change Password Tab
- Configure how Password Safe tests and changes passwords.
- Specify:
- Host IP
- Functional Account
- Managed Account
- Elevation Command (if needed, e.g.,
sudoor Huawei-specific privilege escalation)
5. Test and Activate
- Use the Check Password and Change Password buttons to validate the setup.
- Once successful, go back to the Options tab, check Active, and click Create Platform.
🧩 Optional: Use Custom Plugins
If Huawei’s CLI is highly customized or uses APIs, you can extend Password Safe using the Custom Plugin SDK.
Here’s a sample Huawei CLI session and corresponding regex patterns you can use to build a custom platform in BeyondTrust Password Safe for Huawei switches or routers.
Sample Huawei CLI Session
Plain Text
Login authentication
Username: admin
Password:
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
pHuawei] user-interface vty 0 4
wHuawei-ui-vty0-4] authentication-mode aaa
cHuawei-ui-vty0-4] set authentication password cipher NewP@ssw0rd
iHuawei-ui-vty0-4] quit
nHuawei] save
Are you sure to save the configuration? (y/n)>n]: y
Configuration is saved.
hHuawei] quit
<Huawei> quit
Show more lines
Regex Patterns for Custom Platform
These regex patterns help Password Safe detect prompts and transitions:
| Purpose | Regex Pattern | Notes |
|---|---|---|
| Login Prompt | Username: | Detects username prompt |
| Password Prompt | (?i)Password: | Case-insensitive match for password prompt |
| User View Prompt | </^>]+> | Matches <Huawei> or similar |
| System View Prompt | \ | Matches tHuawei] or [Huawei-ui-vty0-4] |
| Confirmation Prompt | Are you sure.*\? \(y/n\)\in\]: | For save confirmation |
| Command Success | Configuration is saved\. | Confirms save completed |
️ Password Change Command Template
You can script the password change steps like this:
system-viewuser-interface vty 0 4authentication-mode aaaset authentication password cipher <<NEWPASSWORD>>quitsave- Confirm with
y quit(twice)
once again this is not tested
Badge Earners
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.