Reset the Root User Password from Rescue Mode

Suggest Edits

If you're unable to reset the password for your Linux® cloud server by
using the Cloud Control Panel, you can use the following steps to perform
this task by using rescue mode:

Place the server into rescue mode.

For more information on placing your server into rescue mode, see
Rescue Mode.
Connect to the server that is in rescue mode by using the following
command, replacing ip address of the server with the Internet Protocol
(IP) address for your server:
```
ssh root@<ip address of the server>
```
If the following message displays when you try to connect from a Mac®
OS X or Linux system, someone could be eavesdropping on you in a man-in-the-
middle attack, or the RSA host key might have just been changed:
```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
```
Contact your system administrator.

Add the correct host key in your ~/home/<user name>/.ssh/known_hosts file
to prevent this message from displaying.

The wrong key displays as the following line of code in the output:
```
Offending key in **/root/.ssh/known_hosts**:running<line number>
```
You need to edit the .ssh/known_hosts file to remove the line for the
server's IP address.

If you are connecting from a Mac OS X or Linux system you need to edit the
file at ~/home/<user name>/.ssh/known_hosts.
We recommend that you periodically run the file system check (fsck)
command. Performing this step prevents the check from automatically
running during a reboot, causing boot time to take longer than you expect.

You run this check on /dev/xvdb1 if your server is using the XenServer®
hypervisor, and /dev/sdb1 if it is using Xen® Classic.

The following example reset command uses /dev/xvdb1:
```
fsck -fyv /dev/xvdb1
```
This command forces a file system check (f flag), automatically responds
yes to any questions that the system prompts for (y flag), and displays
a verbose output at the end (v flag).
Mount the file system by using the following steps:

a. Make a temporary directory by running the following command:
```
    mkdir /mnt/rescue
```
b. Mount the file system to that temporary directory by running the
following command:
```
    mount /dev/xvdb1 /mnt/rescue

    chroot /mnt/rescue
```
This example uses the chroot operation. This command enables you to set
the root of the system in a temporary environment. Performing this step
helps with recovery.
Run the passwd command to update your root password on the original cloud
server's hard drive, as shown in the following example:
```
passwd
```
This command prompts you for your new password twice, and then
updates the appropriate files.
Exit out of chroot mode by entering the following command:

exit
Unmount your original drive by entering the following command:

umount /mnt/rescue
Exit out of Secure Shell (SSH), then exit rescue mode.
Edit the .ssh/know_host file to remove the line
for the server's IP address.
If you are connecting from a Mac OS X or Linux system, you need to edit the
file at ~/home/<user name>/.ssh/known_hosts.

When your cloud server boots back up outside of rescue mode, you can use the
password that you set in step 5 to log in.

You only need to perform this step if nova-agent isn't running properly or
isn't responding inside of the guest operating system (OS). nova-agent is the
service that connects the guest OS to Rackspace's
Cloud Control Panel so that you can perform tasks such as resetting the
password and creating a new Cloud Server from an image. If you're experiencing
an issue with nova-agent, contact your account manager or Rackspace Support.

Updated 4 months ago