Linux Reset Forgotten Root Password For a KVM VM (guestfish)
This post will guide you how to reset a forgotten root password for a KVM virtual Machine on CentOS/RHEL/Ubuntu Linux. How do I recover KVM virtual Machine root password on Linux. How to reset or modify the Linux root password of Virtual Machine on a KVM Hypervisor system. How to reset a forgotten root password for a kvm vm with guestfish tool in Linux.
Reset Forgotten Root Password For a KVM VM
You can use a filesystem interactive shell called guestfish to change the root password for a VM on KVM server. Guestfish is a shell and command-line tool for examining and modifying virtual machine filesystem. So you can use this tool to edit the virtual machine filesystem, and then modify /etc/shadow file to change the password for this VM. Just do the following steps:
#1 Install Guestfish Tool
You need to install guestfish tool firstly, type the following command:
For CentOS/RHEL Linux:
# yum install libguestfs-tools
For Fedora Linux:
# dnf install libguestfs-tools
For Ubuntu/Debian Linux:
#apt-get install libguestfs-tools
Outputs:
devops@devops-VirtualBox:~$ sudo apt-get install libguestfs-tools [sudo] password for devops: Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: attr augeas-lenses btrfs-tools cpu-checker cryptsetup cryptsetup-bin dmeventd dmsetup extlinux gawk hfsplus ipxe-qemu libaio1 libaugeas0 libboost-random1.58.0 libboost-thread1.58.0 libcacard0 libconfig9 libdevmapper-event1.02.1 libfdt1 libguestfs-hfsplus libguestfs-perl libguestfs-reiserfs libguestfs-xfs libguestfs0 libhfsp0 libhivex0 libintl-perl libiscsi2 liblvm2app2.2 liblvm2cmd2.02 librados2 librbd1 libreadline5 libsdl1.2debian libsigsegv2 libspice-server1 libstring-shellquote-perl libsys-virt-perl libusbredirparser1 libvirt0 libwin-hivex-perl libxen-4.6 libxenstore3.0 libxml-xpath-perl lsscsi lvm2 lzop mdadm msr-tools qemu-block-extra qemu-system-common qemu-system-x86 qemu-utils reiserfsprogs scrub seabios sharutils supermin xfsprogs zerofree Suggested packages: augeas-doc keyutils gawk-doc augeas-tools libguestfs-gfs2 libguestfs-jfs libguestfs-nilfs libguestfs-rescue libguestfs-rsync libguestfs-zfs libintl-xs-perl thin-provisioning-tools default-mta | mail-transport-agent dracut-core samba vde2 sgabios ovmf debootstrap bsd-mailx | mailx xfsdump quota The following NEW packages will be installed: attr augeas-lenses btrfs-tools cpu-checker cryptsetup cryptsetup-bin dmeventd dmsetup extlinux gawk hfsplus ipxe-qemu libaio1 libaugeas0 libboost-random1.58.0 libboost-thread1.58.0 libcacard0 libconfig9 libdevmapper-event1.02.1 libfdt1 libguestfs-hfsplus libguestfs-perl libguestfs-reiserfs libguestfs-tools libguestfs-xfs libguestfs0 libhfsp0 libhivex0 libintl-perl libiscsi2 liblvm2app2.2 liblvm2cmd2.02 librados2 librbd1 libreadline5 libsdl1.2debian libsigsegv2 libspice-server1 libstring-shellquote-perl libsys-virt-perl libusbredirparser1 libvirt0 libwin-hivex-perl libxen-4.6 libxenstore3.0 libxml-xpath-perl lsscsi lvm2 lzop mdadm msr-tools qemu-block-extra qemu-system-common qemu-system-x86 qemu-utils reiserfsprogs scrub seabios sharutils supermin xfsprogs zerofree 0 upgraded, 62 newly installed, 0 to remove and 478 not upgraded. Need to get 23.7 MB of archives. After this operation, 102 MB of additional disk space will be used. Do you want to continue? [Y/n] … Setting up libfdt1:amd64 (1.4.0+dfsg-2) ... Setting up seabios (1.8.2-1ubuntu1) ... Setting up qemu-system-x86 (1:2.5+dfsg-5ubuntu10.31) ... Setting up qemu-utils (1:2.5+dfsg-5ubuntu10.31) ... Setting up reiserfsprogs (1:3.6.24-3.1) ... update-initramfs: deferring update (trigger activated) Setting up sharutils (1:4.15.2-1ubuntu0.1) ... Setting up supermin (5.1.14-2ubuntu1.1) ... Setting up xfsprogs (4.3.0+nmu1ubuntu1.1) ... update-initramfs: deferring update (trigger activated) Setting up libhivex0:amd64 (1.3.13-1build3) ... Setting up scrub (2.6.1-1) ... Setting up zerofree (1.0.3-1) ... Setting up libwin-hivex-perl (1.3.13-1build3) ... Setting up liblvm2cmd2.02:amd64 (2.02.133-1ubuntu10) ... Setting up dmeventd (2:1.02.110-1ubuntu10) ... Setting up lvm2 (2.02.133-1ubuntu10) ... update-initramfs: deferring update (trigger activated) Setting up libguestfs0:amd64 (1:1.32.2-4ubuntu2) ... Setting up libguestfs-hfsplus:amd64 (1:1.32.2-4ubuntu2) ... Setting up libguestfs-perl (1:1.32.2-4ubuntu2) ... Setting up libguestfs-reiserfs:amd64 (1:1.32.2-4ubuntu2) ... Setting up libguestfs-tools (1:1.32.2-4ubuntu2) ... Setting up libguestfs-xfs:amd64 (1:1.32.2-4ubuntu2) ... Processing triggers for libc-bin (2.23-0ubuntu9) ... Processing triggers for systemd (229-4ubuntu19) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for initramfs-tools (0.122ubuntu8.8) ... update-initramfs: Generating /boot/initrd.img-4.10.0-28-generic W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
#2 shutdown the Virtual Machine VM1
You need to get your VM ID using virsh list command, Type the following command:
# virsh list
Outputs:
Id Name State
----------------------------------------------------
3 vm1 running
So the ID of VM is 3. Then type the following command to shutdown this VM:
# virsh shutdown 3
Or
# virsh shutdown vm1
Outputs:
devops@devops-VirtualBox:~# virsh shutdown vm1
Domain 3 is being shutdown
#3 Get the Location of KVM VM Image
You need to use the virsh dumpxml to get the location of the vm image file, type:
# virsh dumpxml vm1 | grep ‘source file’
Outputs:
devops@devops-VirtualBox:~ # virsh dumpxml vm1 | grep ‘source file’
<source file='/var/lib/libvirt/images/vm1.qcow2'/>
#4 Generate the encrypted password for root user in VM
You can use the Openssl command to generate a password based on MD5 password algorithm. Type:
# openssl passwd -1 “your password here”
Outputs:
root@devops-VirtualBox:~# openssl passwd -1 123456
$1$zk1J5yOp$l.uW/UxXpNuPSY/ziiGrr0
You need to copy this MD5 password, and it will be used to update the old password with this one.
#5 edit the VM filesystem with guestfish tool
Type the following command to edit the vm image:
#guestfish –rw –a /var/lib/libvirt/images/vm1.qcow2
Then it will enter into an interactive shell like this:
<fs> launch ><fs> list-filesystems /dev/sda1: ext4 ><fs>mount /dev/sda1 / ><fs> vi /etc/shadow
Then you need to find the root user line and then replace the old encrypted password with the above newly password. Save and close the file.
><fs> flush ><fs> quit
#6 restart virtual machine vm1
Type the command:
#vish start vm1
Then you can use the newly password to login the VM1 guest.
See Also: guestfish(1) – Linux man page