HOW-TO: Reset Root Password (addendum)

It can happen to me, to you, or to one of your clients: a machine has to be worked on, but the root password has somehow been lost or forgotten. Pretty basic, you might think, but you may face this hurdle sooner than you expect.

The statements above might already sound familiar to you. They come from the post on how to reset a forgotten root password. Still in the x86 realm, let us discuss how to reset the root password using a rescue CD (or DVD, if one exists).

As always, the best advice to give is: Do not panic. If the host has an optical drive, a good option is to use a rescue CD to reset the root password.

Reboot the host and set the BIOS to boot from the CD-ROM drive, then save the settings and exit the BIOS. Make sure the rescue disc is in the drive as well.

Once the host is up, mount its root partition (/dev/sda1 in this example). Then edit the shadow file and leave root with a blank password, that is, an empty second field.

# mount /dev/sda1 /mnt
# vi /mnt/etc/shadow

.. before:
root:$2a$10$Gw/SYEjxGEXnZESeW07sb.XdWB9VxDAnXC3SRUtpSwitb6EzkDwS.:14145::::::

.. after:
root::14145::::::


On some systems this works: when you log in as root, you will not be prompted for a password at all. The root account stays unprotected until a new password is set, so set one as soon as the system reboots.
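A check for the state the blank-field edit leaves behind, as an added example that is not part of the original post: it classifies each entry of a shadow file so you can confirm no account is still passwordless once the new password is set. The function names are hypothetical helpers and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: classify every entry of a shadow file by its password field.
# All function names here are hypothetical helpers, not distro tools.

# Print "user:STATE" per entry. STATE is
#   EMPTY  - second field blank: login asks for no password
#   LOCKED - field starts with ! or *: password login disabled
#   HASHED - field holds a crypt(3) hash such as $2a$... (blowfish)
audit_shadow() {
    awk -F: '
        /^#/ || NF < 2 { next }
        $2 == ""       { print $1 ":EMPTY";  next }
        $2 ~ /^[!*]/   { print $1 ":LOCKED"; next }
                       { print $1 ":HASHED" }
    ' "$1"
}

# Succeed (exit 0) only when no entry has an empty password field.
shadow_has_no_empty() {
    ! audit_shadow "$1" | grep -q ':EMPTY$'
}

# Write a constructed sample shadow file (made-up entries) to path $1.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root::14145::::::
daemon:*:14145::::::
alice:$2a$10$CONSTRUCTEDPLACEHOLDERHASH:14145:0:99999:7:::
EOF
}

# Stand-alone use: sh audit.sh /mnt/etc/shadow
if [ "$#" -gt 0 ]; then
    audit_shadow "$1"
    shadow_has_no_empty "$1" || echo "WARNING: empty password field found" >&2
fi
```

Run it against the mounted copy (for example /mnt/etc/shadow) before rebooting, and again against /etc/shadow after the new root password is set.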

Another recommendation after mounting the root partition is to chroot to the mount point and run passwd there:

# mount /dev/sda1 /mnt
# chroot /mnt /bin/bash
# passwd
Changing password for root
New password:
Reenter New Password:
#


However, this does not always work. One of the errors you may encounter looks like the message below:
# passwd
Changing password for root
New password:
Reenter New Password:
Cannot open /dev/urandom for reading: No such file or directory
Cannot create salt for blowfish crypt
Error: Password NOT changed.
passwd: Authentication token manipulation error


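This happens because the special file /dev/urandom (which is created at boot-up) does not exist in the chrooted environment. You may create a stand-in by copying another file to that path: a binary large enough to supply bytes for the crypt algorithm works, and even a plain text file will do. Keep in mind that the stand-in is a regular file with fixed contents, so the salt passwd draws from it is not random. Treat a password set this way as temporary: remove the stand-in file afterwards and change the root password again once the system has booted normally.
(execute this while still in the chrooted environment)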
# cp /etc/default/passwd /dev/urandom
# passwd
Changing password for root
New password:
Reenter New Password:
Password changed.


There you go: two more ways to reset a forgotten root password, this time with a rescue CD. If your distribution does not have a rescue CD, the first CD (or CD#1, the bootable CD) can be used instead. Boot to single-user or select rescue mode if available.
