You can modify images with guestfish. It is a shell and command-line tool for examining and editing virtual machine filesystems. It uses libguestfs and exposes all of the functionality of the guestfs API. This page shows how to use guestfish to change the root account password.
How to install guestfish
If you are using CentOS/RHEL use yum command:
$ sudo yum install libguestfs-tools
Fedora Linux user run dnf command:
$ sudo dnf install libguestfs-tools
Debian/Ubuntu Linux user run apt command/apt-get command:
$ sudo apt install libguestfs-tools
Step 1 – Shutdown guest VM
Run the following virsh command:
# virsh list
Sample outputs:
Id Name State ---------------------------------------------------- 2 debian9-vm1 running
To shutdown the VM named debian9-vm1:
# virsh shutdown 2
OR
# virsh shutdown debian9-vm1
Sample outputs:
Domain debian9-vm1 is being shutdown
Step 2 – Find location of KVM VM image
Type the following command to get location of qcow2 image:
# virsh dumpxml debian9-vm1 | grep 'source file'
Sample outputs:
<source file='/var/lib/libvirt/images/debian9-vm1.qcow2'/>
Step 3 – Reset/change the root password using guestfish
First generate new root user account password by typing the following command:
# openssl passwd -1 mySecretRootAccountPasswordHere
$1$M1bf5Y3T$p2CYEz8vlUD2R.fXydTLt.
Please copy $1$M1bf5Y3T$p2CYEz8vlUD2R.fXydTLt. password. You need to use this one in next few steps.
How to reset forgotten root password for Linux KVM vm
Let us start the procedure by running the following guestfish command:
# guestfish --rw -a /var/lib/libvirt/images/debian9-vm1.qcow2
You will see a prompt as follows:
><fs>
To launch the backend either type ‘run’ or ‘launch’ command:
><fs> launchTo list partitions type:
><fs> list-filesystemsNow mount whatever disk you found it. For example, I found /dev/sda1, so I run the following mount command:
><fs> mount /dev/sda1 /Edit the /etc/shadow file using a text editor such as vi command or emacs command:
><fs> vi /etc/shadow
Find root account entry and delete encrypted password. From:
root:$6$FU5Nl9oxxxx:17572:0:99999:7:::To (replace as follows from above openssl command):
root:$1$M1bf5Y3T$p2CYEz8vlUD2R.fXydTLt.:17572:0:99999:7:::Save and close the file in vi/vim. Run sync command:
><fs> flushFinally, quit guestfish:
><fs> quitStep 4 – Start VM
It is time to test your new root password. So start the VM:
# virsh start debian9-vm1
Sample outputs:
Domain debian9-vm1 started
You can now login using console or ssh:
# ssh vivek@debian9-vm1
$ su -
OR use console command:
# virsh list
# virsh console debian9-vm1
A note about virt-customize command
If you find above method difficult try the following simple command:
# virsh shutdown debian9-vm1
# virt-customize -a /var/lib/libvirt/images/debian9-vm1.qcow2 --root-password password:NewRootUserPasswordHere --uninstall cloud-init
Sample outputs:
Start the VM and test new root password with ssh/console command:
# virsh start debian9-vm1
For more info read man page of guestfish:
$ man guestfish
$ man virt-customize
See also
- Linux reset forgotten root password
- FreeBSD Reset or Recover Root Password
- How to: OpenBSD reset root password
- MySQL Reset Root Password
- How To Recover Linux Grub Boot Loader Password
- How to install KVM on CentOS 7 / RHEL 7 Headless Server
- How to install KVM on Ubuntu 16.04 LTS Headless Server
- How to install KVM server on Debian Linux 9 Headless Server
- How to reset root password for Linux KVM VM
- How to clone existing KVM virtual machine images on Linux
- How to reset a KVM clone virtual Machines with virt-sysprep on Linux