Last updated on August 19, 2020 by Dan Nanni
When you create an LXC container, it will have the default username/password set up. The default username/password will vary depending on which LXC template was used to create the container. For example, Debian LXC will have the default username/password set to root
/root
. Fedora LXC will have the root password set as expired, so it can be set on the first login. Ubuntu LXC will have ubuntu
/ubuntu
as the default username/password. For any pre-built container images downloaded from third-party repositories, their default username/password will also be image-specific.
If you do not know the default username/password of your LXC container, there is an easy way to find the default username and reset its password.
First of all, make sure to stop the LXC container before proceeding.
$ sudo lxc-stop -n <container_name>
To find the default username created in an LXC container, open the /etc/passwd
of the container, which can be found at /var/lib/lxc/<container-name>/rootfs/etc/passwd of the LXC host. In the passwd
file of the container, look for "login-enabled" users, which have /bin/bash
(or something similar) listed as their login shell. Any of such usernames can be the default username of the container. For example, in the screenshot below, the usernames ubuntu
or sdn
are login-enabled.
Any username which has /usr/sbin/nologin
or /bin/false
as its login shell is login-disabled.
To reset the password of any login-enabled username, you can modify /etc/shadow
file of the container, which can be fount at /var/lib/lxc/<container-name>/rootfs/etc/shadow
of the LXC host. In Linux, the /etc/shadow
file stores one-way encrypted passwords (password hashes) of user accounts. Each line in /etc/shadow
is formatted as strings concatenated with :
delimeter. The first two strings represent a username and its encrypted password.
<username>:<encrypted-password>:16728:0:99999:7:::
If the password field is set to !
or *
, it means the user account is locked for access or completely disabled for login.
To reset the password of any login-enabled username, all you have to do is to remove the password hash of the username and leave the :
delimeter only. For example, for username sdn
, change:
sdn:$6$OJWSjfOg$KCCCySxj97qUtv0eFVXQgNf.j1YPCp1ahnmLMu5n/VzcshQgPfiasWq4mNzjbPcOrabmTgrRNB29e7P7vGFh1:16631:0:99999:7:::
to:
sdn::16631:0:99999:7:::
Similarly, to reset the root password, simply delete the password hash of the root.
root::16631:0:99999:7:::
With the password field set to empty, you will be able to login to the user account without any password from the console. Now start the container, and verify password-less console login.
Don't forget to set a new password using passwd
after successful login.
This website is made possible by minimal ads and your gracious donation via PayPal or credit card
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.
Xmodulo © 2021 ‒ About ‒ Write for Us ‒ Feed ‒ Powered by DigitalOcean