This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: ✔️ Linux VMs
This article provides three methods to reset local Linux Virtual Machine (VM) passwords. If the user account is expired or you want to create a new account, you can use the following methods to create a new local admin account and regain access to the VM.
You can reset the password without attaching the OS disk to another VM. This method requires that the Azure Linux Agent be installed on the affected VM.
Make sure that the Azure Linux Agent (waagent) service is running on the affected VM and is in a ready state in the Azure portal.
Set up the environment variables, and use the Azure CLI or Azure Cloud Shell to do the password reset:
AZ_RESOURCE_GROUP="YourResourceGroupName"
AZ_VM_NAME="VMname"
AZ_ADMIN_USER="adminName"
AZ_MSADMIN_PASS="newPassword"
az vm user update -u $AZ_ADMIN_USER -p $AZ_MSADMIN_PASS -g $AZ_RESOURCE_GROUP -n $AZ_VM_NAME
Try to access the VM.
To update the SSH key, see Manage administrative users, SSH by using the VMAccess Extension with the Azure CLI.
You can also reset the password or SSH key by using the Reset Password feature in the Azure portal.
For more information, see vmaccess extension for Linux.
You can use the serial console to reset the admin user or root account through single-user mode for VM access.
Follow the single-user mode process to reset or add a password.
Make sure that password authentication is enabled on the OpenSSH server if you try to log in to the server by using the SSH and password authentication.
Check whether the PasswordAuthentitcation value is set to yes or no in /etc/ssh/sshd_config by running the following command:
egrep "^PasswordAuthentication" /etc/ssh/sshd_config
If the PasswordAuthentication value is set to no, use a text editor such as vi or nano to change the value to yes.
Create a new password for the admin user or root account by running the passwd command:
passwd <admin_user>
Check whether SElinux is in enforcing mode in /etc/sysconfig/selinux by running the following command:
cat /etc/sysconfig/selinux
If SElinux is in enforcing mode, make sure that SElinux allows the file changes made with the passwd command. After the password is changed, you can run the following command to relabel the file system to facilitate the loading of the alteration.
touch /.autorelabel
Reboot the VM by running the following command:
/usr/sbin/reboot -f
Try to access the VM.
This method has been tested by using the supported Linux distributions and versions.
Note
If you're experiencing problems that affect an Azure network virtual appliance, this method doesn't apply to your situation. Instead, you must contact the vendor of the network virtual appliance to get instructions about how to do a password reset safely.
You can run the vm repair commands to create a repair VM that has a copy of the affected VM's OS disk attached. Then, mount the copy of the OS file systems on the repair VM via the chroot environment.
Note
Alternatively, create a rescue VM manually by using the Azure portal. For more information, see Troubleshoot a Linux VM by attaching the OS disk to a recovery VM using the Azure portal.
Run the following az vm repair create commands to create a copy of the OS disk. Then, the disk is attached to a recovery VM automatically.
AZ_RESOURCE_GROUP="YourResourceGroupName"
AZ_VM_NAME="VMname"
AZ_ADMIN_USER="userName"
AZ_MSADMIN_PASS="newPassword"
az vm repair create -g $AZ_RESOURCE_GROUP -n $AZ_VM_NAME --repair-username $AZ_ADMIN_USER --repair-password "$AZ_MSADMIN_PASS" --verbose
Log in to the repair VM and troubleshoot the chroot environment.
Make sure that password authentication is enabled on the OpenSSH server if you try to log in to the server by using the SSH and password authentication.
Check whether the PasswordAuthentitcation value is set to yes or no in /etc/ssh/sshd_config by running the following command:
egrep "^PasswordAuthentication" /etc/ssh/sshd_config
If the PasswordAuthentication value is set to no, use a text editor such as vi or nano to change the value to yes.
Create a new password for the admin user or root account by running the passwd command:
passwd <admin_user>
Check whether SElinux is in enforcing mode in /etc/sysconfig/selinux by running the following command:
cat /etc/sysconfig/selinux
If SElinux is in enforcing mode, make sure that SElinux allows the file changes made with the passwd command. After the password is changed, you can run the following command to relabel the file system to facilitate the loading of the alteration.
touch /.autorelabel
Exit the chroot environment.
Remount the OS disk to the affected VM by swapping the OS disk with the following command:
az vm repair restore -g $AZ_RESOURCE_GROUP -n $AZ_VM_NAME --verbose
Try to access the VM.
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.
Training
Module
Provisioning a Linux virtual machine in Microsoft Azure - Training
Learn about different methods of provisioning Linux virtual machines in Microsoft Azure.
Certification
Microsoft Certified: Azure Administrator Associate - Certifications
Demonstrate key skills to configure, manage, secure, and administer key professional functions in Microsoft Azure.