Recently I received two emails from my readers. One of my reader wrote that my procedure to reset the root password on vCenter Appliance (VCSA) 5.5 is not valid for 6.x version and the second mentioned that he forgot the GRUB password and was not able to reset the root password.
Because recently I haven't had any problem with my memory 😉 and I haven't had to reset the root password on my VCSA 6.0 U1, I decided to investigate and confirm how to reset the root password on VCSA 6.x just for fun 😉 I checked and the mentioned procedure for VCSA 5.5 also works for VCSA 6.x... However you have to know the GRUB password. If you do not remember the GRUB password, also it is possible to change/reset root password. vCenter Appliance (VCSA) is based on SUSE Linux so it should work a procedure to reset root password as for standard linux - boot a VM using a livecd Linux distribution (e.g. Fedora, Debian or Knoppix) and use a tool mkpasswd to regenerate a password hash. In this post I will show step by step how to reset the root password on vCenter Appliance (VCSA) 5.5 or 6.x by regenerating hash.
At first you need a livecd Linux distribution, I used Knoppix but it can be Fedora. However Knoppix contains mkpasswd by default but if you use Fedora, you would have to install it via yum/dnf (so also internet access would be necessary..).
- Mount a livecd Linux to the VCSA VM.
- Set up boot from CDROM in VM BIOS.
- Boot VM using livecd.
Open a terminal and enter the following commands to create a mount folder and mount VCSA disk to the mount folder:
sudo mkdir /mnt/vcsa
sudo mount /dev/disk /mnt/vcsa
Create a backup of the shadow file and create a txt file with root hash. Then generate a new hash using a new password and salt (between $):
sudo cp /mnt/folder/etc/shadow /mnt/folder/etc/shadow.copy
sudo cat /mnt/folder/etc/shadow | grep root > hash.txt
mkpasswd -m sha-512 new_password old_salt
- Copy and paste a new hash to the shadow file (open the shadow file using vi). Save the file using :wq!
Reboot the VCSA VM:
As I showed in this post, if you forget the root password (and GRUB password as well), you can reset it almost as easy as patching VCSA 🙂