reset password on linux systems

...when you have access to the filesystem

October 06, 2023


Oh no, forgot my password.

Create a password for /etc/shadow

From time to time, it happens to me, that I forgot the password for my raspberry pi user pi.

This is not a daily issue fortunately, however rather pressing. And yes, nowadays, I use a password manager, so I should be on the safe side - Nevertheless, even this sometimes fails me or I let myself down and mess things up.

This is why, I use the following command to create a new password:

$ mkpasswd --method sha-512 --stdin <<< <new_passwd>

Command details:

Obviosuly <new_passwd> should be replaced by your actual new pasword.

Example - with the exceptionally weak password test:

$ mkpasswd --method sha-512 --stdin <<< test
$6$Yh7VmDZsCmyWNQ76$3.Bqkk.OxuLnNqnj2eH5lotbEbJsDEaorEwzAkhRLG1AEt5CPe0mzzOltI2yX1oMBUefeQzoa0XHQWsxkssnl1

Ok, so far so good. What to do now with this string of characters? By the way, this is actually your given password, but encrypted.

Coming back to the raspberry pi example: I switch the raspberry pi off and mount the raspberry pi's sdcard into another system.

Then I navigate to /mnt/raspi/etc/shadow and search the line containing the user pi. This might look like this:

# /etc/shadow
pi:$6$VRBKp4g5417QhOyG$F2bNN2pRWnmK/WC.JfS1d0vFrDGFjLm8VdHdu1/PQzXuJBCxEyB5JuEuYz7P4EjQa2wDsnCiBHg1yW/Xp0pAn.:19048:0:99999:7:::

I simply replace the old encrypted password by the new encrypted password, so in the end this line says (The encrypted password changed.):

# /etc/shadow
pi:$6$Yh7VmDZsCmyWNQ76$3.Bqkk.OxuLnNqnj2eH5lotbEbJsDEaorEwzAkhRLG1AEt5CPe0mzzOltI2yX1oMBUefeQzoa0XHQWsxkssnl1:19048:0:99999:7:::

After umounting the raspberry pi's sdcard and putting it back into the raspberry pi, you can power it on again.

This time you are lucky and can log in again with user pi and password test, which - again - is not a great password.