OSETC TECH

Linux Reset Forgotten Root Password For a KVM VM (guestfish)

This post will guide you how to reset a forgotten root password for a KVM virtual Machine on CentOS/RHEL/Ubuntu Linux. How do I recover KVM virtual Machine root password on Linux. How to reset or modify the Linux root password of Virtual Machine on a KVM Hypervisor system. How to reset a forgotten root password for a kvm vm with guestfish tool in Linux.

Reset Forgotten Root Password For a KVM VM


You can use a filesystem interactive shell called guestfish to change the root password for a VM on KVM server. Guestfish is a shell and command-line tool for examining and modifying virtual machine filesystem. So you can use this tool to edit the virtual machine filesystem, and then modify /etc/shadow file to change the password for this VM. Just do the following steps:

#1 Install Guestfish Tool

You need to install guestfish tool firstly, type the following command:

For CentOS/RHEL Linux:

# yum install libguestfs-tools

For Fedora Linux:

# dnf install libguestfs-tools

For Ubuntu/Debian Linux:

#apt-get install libguestfs-tools

Outputs:

devops@devops-VirtualBox:~$ sudo apt-get install libguestfs-tools
[sudo] password for devops:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
attr augeas-lenses btrfs-tools cpu-checker cryptsetup cryptsetup-bin
dmeventd dmsetup extlinux gawk hfsplus ipxe-qemu libaio1 libaugeas0
libboost-random1.58.0 libboost-thread1.58.0 libcacard0 libconfig9
libdevmapper-event1.02.1 libfdt1 libguestfs-hfsplus libguestfs-perl
libguestfs-reiserfs libguestfs-xfs libguestfs0 libhfsp0 libhivex0
libintl-perl libiscsi2 liblvm2app2.2 liblvm2cmd2.02 librados2 librbd1
libreadline5 libsdl1.2debian libsigsegv2 libspice-server1
libstring-shellquote-perl libsys-virt-perl libusbredirparser1 libvirt0
libwin-hivex-perl libxen-4.6 libxenstore3.0 libxml-xpath-perl lsscsi lvm2
lzop mdadm msr-tools qemu-block-extra qemu-system-common qemu-system-x86
qemu-utils reiserfsprogs scrub seabios sharutils supermin xfsprogs zerofree
Suggested packages:
augeas-doc keyutils gawk-doc augeas-tools libguestfs-gfs2 libguestfs-jfs
libguestfs-nilfs libguestfs-rescue libguestfs-rsync libguestfs-zfs
libintl-xs-perl thin-provisioning-tools default-mta | mail-transport-agent
dracut-core samba vde2 sgabios ovmf debootstrap bsd-mailx | mailx xfsdump
quota
The following NEW packages will be installed:
attr augeas-lenses btrfs-tools cpu-checker cryptsetup cryptsetup-bin
dmeventd dmsetup extlinux gawk hfsplus ipxe-qemu libaio1 libaugeas0
libboost-random1.58.0 libboost-thread1.58.0 libcacard0 libconfig9
libdevmapper-event1.02.1 libfdt1 libguestfs-hfsplus libguestfs-perl
libguestfs-reiserfs libguestfs-tools libguestfs-xfs libguestfs0 libhfsp0
libhivex0 libintl-perl libiscsi2 liblvm2app2.2 liblvm2cmd2.02 librados2
librbd1 libreadline5 libsdl1.2debian libsigsegv2 libspice-server1
libstring-shellquote-perl libsys-virt-perl libusbredirparser1 libvirt0
libwin-hivex-perl libxen-4.6 libxenstore3.0 libxml-xpath-perl lsscsi lvm2
lzop mdadm msr-tools qemu-block-extra qemu-system-common qemu-system-x86
qemu-utils reiserfsprogs scrub seabios sharutils supermin xfsprogs zerofree
0 upgraded, 62 newly installed, 0 to remove and 478 not upgraded.
Need to get 23.7 MB of archives.
After this operation, 102 MB of additional disk space will be used.
Do you want to continue? [Y/n]
…

Setting up libfdt1:amd64 (1.4.0+dfsg-2) ...
Setting up seabios (1.8.2-1ubuntu1) ...
Setting up qemu-system-x86 (1:2.5+dfsg-5ubuntu10.31) ...
Setting up qemu-utils (1:2.5+dfsg-5ubuntu10.31) ...
Setting up reiserfsprogs (1:3.6.24-3.1) ...
update-initramfs: deferring update (trigger activated)
Setting up sharutils (1:4.15.2-1ubuntu0.1) ...
Setting up supermin (5.1.14-2ubuntu1.1) ...
Setting up xfsprogs (4.3.0+nmu1ubuntu1.1) ...
update-initramfs: deferring update (trigger activated)
Setting up libhivex0:amd64 (1.3.13-1build3) ...
Setting up scrub (2.6.1-1) ...
Setting up zerofree (1.0.3-1) ...
Setting up libwin-hivex-perl (1.3.13-1build3) ...
Setting up liblvm2cmd2.02:amd64 (2.02.133-1ubuntu10) ...
Setting up dmeventd (2:1.02.110-1ubuntu10) ...
Setting up lvm2 (2.02.133-1ubuntu10) ...
update-initramfs: deferring update (trigger activated)
Setting up libguestfs0:amd64 (1:1.32.2-4ubuntu2) ...
Setting up libguestfs-hfsplus:amd64 (1:1.32.2-4ubuntu2) ...
Setting up libguestfs-perl (1:1.32.2-4ubuntu2) ...
Setting up libguestfs-reiserfs:amd64 (1:1.32.2-4ubuntu2) ...
Setting up libguestfs-tools (1:1.32.2-4ubuntu2) ...
Setting up libguestfs-xfs:amd64 (1:1.32.2-4ubuntu2) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for systemd (229-4ubuntu19) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for initramfs-tools (0.122ubuntu8.8) ...
update-initramfs: Generating /boot/initrd.img-4.10.0-28-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.

#2 shutdown the Virtual Machine VM1

You need to get your VM ID using virsh list command, Type the following command:

# virsh list

Outputs:

Id Name State
----------------------------------------------------
3 vm1 running

So the ID of VM is 3. Then type the following command to shutdown this VM:

# virsh shutdown 3

Or

# virsh shutdown vm1

Outputs:

devops@devops-VirtualBox:~# virsh shutdown vm1
Domain 3 is being shutdown

#3 Get the Location of KVM VM Image

You need to use the virsh dumpxml to get the location of the vm image file, type:

# virsh dumpxml vm1 | grep ‘source file’

Outputs:

devops@devops-VirtualBox:~ # virsh dumpxml vm1 | grep ‘source file’
<source file='/var/lib/libvirt/images/vm1.qcow2'/>

#4 Generate the encrypted password for root user in VM

You can use the Openssl command to generate a password based on MD5 password algorithm. Type:

# openssl passwd -1 “your password here”

Outputs:

root@devops-VirtualBox:~# openssl passwd -1 123456
$1$zk1J5yOp$l.uW/UxXpNuPSY/ziiGrr0

You need to copy this MD5 password, and it will be used to update the old password with this one.

#5 edit the VM filesystem with guestfish tool

Type the following command to edit the vm image:

#guestfish –rw –a /var/lib/libvirt/images/vm1.qcow2

Then it will enter into an interactive shell like this:

<fs> launch
><fs> list-filesystems
/dev/sda1: ext4
><fs>mount /dev/sda1 /
><fs> vi /etc/shadow

Then you need to find the root user line and then replace the old encrypted password with the above newly password. Save and close the file.

><fs> flush
><fs> quit

#6 restart virtual machine vm1

Type the command:

#vish start vm1

Then you can use the newly password to login the VM1 guest.

See Also: guestfish(1) – Linux man page