Packetwatch Research

Forgotten root password in OpenBSD



Last modified: Nov. 22, 2009

Contents
1 - Summary
2 - Console set to secure
3 - Console set to insecure


1 - Summary

This guide will show how to reset the root password in case you forgot it.
This has been tested in OpenBSD 4.3, 4.4 and 4.6.


2 - Console set to secure

This method works where the console is set to secure in the /etc/ttys file.
When booting into single-user mode it doesn't prompt for the root password.
Type the following to boot into single-user mode.
boot> boot -s

Press [Enter] to get to the shell.
Enter pathname of shell or RETURN for sh:

Run fsck to check the consistency of the file systems.
# fsck -p
/dev/rwd0a: file system is clean; not checking
/dev/rwd0h: file system is clean; not checking
/dev/rwd0g: file system is clean; not checking
/dev/rwd0d: file system is clean; not checking
/dev/rwd0f: file system is clean; not checking
/dev/rwd0e: file system is clean; not checking

Mount all the file systems.
# mount -a

Reset the password for the root user.
# passwd root
Changing local password for root.
New password: ********
Retype new password: ********

Reboot the system and log in with the root account using the new password.
# reboot


3 - Console set to insecure

This method works where the console is set to insecure in the /etc/ttys file.
When booting into single-user mode it does prompt for the root password. Boot
from the installation CD. Type S to get to a shell.
(I)nstall, (U)pgrade or (S)hell? S

Get a list of the disks.
# sysctl hw.disknames
hw.disknames=wd0,cd0,rd0

Get information about the hard disk.
# dmesg | grep wd0
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76293MB, 156250000 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5

Run fsck to check the consistency of the / file system.
# fsck -y -t ffs /dev/wd0a
** /dev/rwd0a
** File system is clean, not checking

Mount the / file system with read and write access.
# mount -w -t ffs /dev/wd0a /mnt

View information about the file systems.
# cat /mnt/etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd0h /data ffw rw,nodev,nosuid 1 2
/dev/wd0g /home ffs rw,nodev,nosuid 1 2
/dev/wd0d /tmp ffs rw,nodev,nosuid 1 2
/dev/wd0f /usr ffs rw,nodev 1 2
/dev/wd0e /var ffs rw,nodev,nosuid 1 2

Mount the /usr file system with read access.
# mount -r -t ffs /dev/wd0f /mnt/usr

Change the root directory to point to /mnt and run the passwd command for the
root user.
# /mnt/usr/sbin/chroot /mnt /usr/bin/passwd root
Changing local password for root.
New password: ********
Retype new password: ********

Reboot the system and log in with the root account using the new password. Make
sure to remove the installation CD.
# reboot
Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2024.