Applies to: ✔️ Linux VMs
This article provides three methods to reset local Linux Virtual Machine (VM) passwords. If the user account is expired or you want to create a new account, you can use the following methods to create a new local admin account and regain access to the VM.
Reset the password by using Azure Linux Agent
You can reset the password without attaching the OS disk to another VM. This method requires that the Azure Linux Agent be installed on the affected VM.
Make sure that the Azure Linux Agent (waagent) service is running on the affected VM and is in a ready state in the Azure portal.
Set up the environment variables, and use the Azure CLI or Azure Cloud Shell to do the password reset:
AZ_RESOURCE_GROUP="YourResourceGroupName"
AZ_VM_NAME="VMname"
AZ_ADMIN_USER="adminName"
AZ_MSADMIN_PASS="newPassword"
az vm user update -u "$AZ_ADMIN_USER" -p "$AZ_MSADMIN_PASS" -g "$AZ_RESOURCE_GROUP" -n "$AZ_VM_NAME"
Try to access the VM.
To update the SSH key, see Manage administrative users, SSH by using the VMAccess Extension with the Azure CLI.
You can also reset the password or SSH key by using the Reset Password feature in the Azure portal.
For more information, see vmaccess extension for Linux.
Reset the password by using the serial console with single-user mode
You can use the serial console to reset the admin user or root account through single-user mode for VM access.
Follow the single-user mode process to reset or add a password.
Make sure that password authentication is enabled on the OpenSSH server if you try to log in to the server by using SSH with password authentication.
Check whether the PasswordAuthentication value is set to yes or no in /etc/ssh/sshd_config by running the following command:
egrep "^PasswordAuthentication" /etc/ssh/sshd_config
If the PasswordAuthentication value is set to no, use a text editor such as vi or nano to change the value to yes.
Create a new password for the admin user or root account by running the passwd command:
passwd <admin_user>
Check whether SELinux is in enforcing mode in /etc/sysconfig/selinux by running the following command:
cat /etc/sysconfig/selinux
If SELinux is in enforcing mode, make sure that SELinux allows the file changes made with the passwd command. After the password is changed, you can run the following command to relabel the file system on the next boot so that the change takes effect.
touch /.autorelabel
Reboot the VM by running the following command:
/usr/sbin/reboot -f
Try to access the VM.
Reset the password by using a repair VM
This method has been tested by using the supported Linux distributions and versions.
Note
If you're experiencing problems that affect an Azure network virtual appliance, this method doesn't apply to your situation. Instead, you must contact the vendor of the network virtual appliance to get instructions about how to do a password reset safely.
You can run the vm repair commands to create a repair VM that has a copy of the affected VM's OS disk attached. Then, mount the copy of the OS file systems on the repair VM via the chroot environment.
Run the following az vm repair create commands to create a copy of the OS disk. Then, the disk is attached to a recovery VM automatically.
AZ_RESOURCE_GROUP="YourResourceGroupName"
AZ_VM_NAME="VMname"
AZ_ADMIN_USER="userName"
AZ_MSADMIN_PASS="newPassword"
az vm repair create -g "$AZ_RESOURCE_GROUP" -n "$AZ_VM_NAME" --repair-username "$AZ_ADMIN_USER" --repair-password "$AZ_MSADMIN_PASS" --verbose
Log in to the repair VM and troubleshoot the chroot environment.
Make sure that password authentication is enabled on the OpenSSH server if you try to log in to the server by using SSH with password authentication.
Check whether the PasswordAuthentication value is set to yes or no in /etc/ssh/sshd_config by running the following command:
egrep "^PasswordAuthentication" /etc/ssh/sshd_config
If the PasswordAuthentication value is set to no, use a text editor such as vi or nano to change the value to yes.
Create a new password for the admin user or root account by running the passwd command:
passwd <admin_user>
Check whether SELinux is in enforcing mode in /etc/sysconfig/selinux by running the following command:
cat /etc/sysconfig/selinux
If SELinux is in enforcing mode, make sure that SELinux allows the file changes made with the passwd command. After the password is changed, you can run the following command to relabel the file system on the next boot so that the change takes effect.
touch /.autorelabel
Exit the chroot environment.
Remount the OS disk to the affected VM by swapping the OS disk with the following command:
az vm repair restore -g "$AZ_RESOURCE_GROUP" -n "$AZ_VM_NAME" --verbose
Try to access the VM.
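The PasswordAuthentication check in the serial console and repair VM procedures uses an anchored grep, which can show a line that sshd does not actually use: sshd ignores leading whitespace, treats keywords as case-insensitive, and keeps the first value it obtains. The following is an added example, not part of the original article; effective_password_auth is a hypothetical helper name, and the sample configuration is constructed.

```shell
#!/bin/sh
# effective_password_auth: hypothetical helper (not an OpenSSH or Azure tool).
# Prints the global PasswordAuthentication value sshd would use from one file.
# $1: path to sshd_config (for example, the copy under a chroot mount point).
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # keywords may be indented
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept the "Key=value" form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                  # keywords are case-insensitive
            if (key == "include")
                print "note: Include " f[2] " is read first; check it too" > "/dev/stderr"
            if (key == "match") exit             # later lines are conditional
            if (key == "passwordauthentication" && n >= 2) {
                print f[2]; found = 1; exit      # first value obtained wins
            }
        }
        END { if (!found) print "yes" }          # OpenSSH default when unset
    ' "$1"
}

# Constructed sample: the anchored grep from the article prints only the
# second line, but sshd uses the first (indented, lowercase) one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
  passwordauthentication no
PasswordAuthentication yes
EOF
grep -E "^PasswordAuthentication" "$sample"
echo "effective: $(effective_password_auth "$sample")"
rm -f "$sample"
```

The helper does not follow Include directives; it only reports them on stderr, so files they reference must be checked separately.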
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.