Strong system security requires equally strong passwords, which, in turn, make the passwords more difficult to remember. In such case that the password for the Linux root user account is lost without an alternative sign-in method like an SSH-key, you might end up locked out of your own system. Luckily, resetting the root password of your cloud server is fairly straightforward and will only take a couple of minutes to complete.
Deploying a temporary Linux host
To gain access to your old root account, you will need to be able to boot a system to a command line. A common way to do this for Linux computers is to boot into GRUB menu, but this might prove slightly difficult on cloud servers where you have no physical access to the system. Instead, you can take advantage of the virtual nature of the cloud environment and simply create a new server to mount the old disk device in.
Start by logging into your UpCloud Control Panel and selecting Deploy a server.
- Give the temporary server a name and a description.
- Select the same availability zone as your old server.
- Next, select whichever Linux distribution you wish. Usually, it is easiest to use the same OS as the system you are resetting the password for.
- Add your SSH keys. Not highly important as you will only need to log in once.
- Use a simple initialization script to shutdown the server after the first boot. It will save you some time as the server must be powered down to make changes to the disks.
#!/bin/bash shutdown -h now
- Once the new server is ready, click the Deploy button at the bottom of the page.
The deployment process will only take a few moments, but you do not have to wait for it to complete. Continue below with the next part.
Moving the old system disk to the temporary host
In the meanwhile as your new server is being deployed, shut down your old server at the control panel. If the server was installed using a custom system image, you may need to use the forced shutdown command.
With the server shut down, go to the Disks tab in your Server settings.
Make sure the disk is named so that you will be able to recognise it later, for example, <hostname>-disk0. You can rename the disk by clicking the Change name button, entering a new name, then click the Save button to confirm the change.
Next, free up the OS disk device from the host by clicking the Detach button. If you have multiple disks, leave the other devices are they are. When attaching the OS disk again after the password reset, it will be set correctly as the first device.
Open the Server settings of the temporary server and go to the Disks tab there.
Click on the Attach new disk text at the end of the disks list.
In the Attach new disk dialogue, select to Attach Existing device, then find the old system disk you just detached in the Disk Resources list. Once you have selected the right disk, click the Accept button underneath.
When the disk has been attached successfully, boot up the server and log in over SSH with the root user of the temporary host.
Resetting the root password
When logged into the temporary server, check that you can see the old system disk.
lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT vda 253:0 0 30G 0 disk └─vda1 253:1 0 30G 0 part / vdb 253:16 0 30G 0 disk └─vdb1 253:17 0 30G 0 part
The first device vda in the above example is the system disk running the current server and the second vdb is your old system disk. To access the second disk, you will need to mount it in the running system.
mount /dev/vdb1 /mnt
Then change to the root environment of the old system.
You can now change the root password with the usual command. Enter the new password twice to confirm.
Once you have reset the password, exit the mounted system and shut down the temporary host so that you can return the old system disk where it belongs.
exit shutdown -h now
When the temporary server has been powered down, you can detach the old system disk in the Server settings and Disks tab and reattach it to its original host.
Then start the old server again.
You should now be able to log in using the root account with the password you just set and gain normal access to your server.
After confirming that the password was reset successfully, the temporary server and disk device can be deleted.