Reset your lost password using Docker and SSH
We’ve all been there. You turn on a machine in your home-lab, your Raspberry Pi, or an old PC and you’ve forgotten your password. At this point you start Googling, and that might be what brought you here.
Disclaimer
The other options that you find to do this may be a little clunky, but if you have your SSH key installed on the remote machine, and Docker, you can reset your password in a few simple commands. It’s not particularly novel, or ground-breaking, but this may be useful to you at some point as it was to me today.

Pre-reqs:
- Docker already installed on the machine
- SSH access with your public key in the authorized_keys file
I ran into this combination today, when booting up my Lenovo C30 workstation, running Ubuntu 16.04 and a version of Docker. It was a development machine with some code on it that I needed.
I tried all my passwords and none of them worked, but I did have ssh access, and once inside, I couldn’t run sudo because I didn’t have my password.
Find the host’s IP
First, shell into the machine. You will need the remote IP address of the host, and if you are not sure of it, you can use nmap to scan your local home network to find out what IPs are available to try.
For 192.168.0.0/24 (the default home network range), type in:
nmap -sP 192.168.0.0/24
I tend to run this before and after turning on a target machine. Alternatively, you can unplug the machine’s network cable and run the command before and after.
Let’s reset that password
You won’t need your password for this, but you must have previously copied your SSH key to the remote machine.
How do you copy your public SSH key to a remote computer? You can use the ssh-copy-id command. It will insert your $HOME/.ssh/id_rsa.pub file in the $HOME/.ssh/authorized_keys file on the remote computer. The syntax is: ssh-copy-id user@remote-host.
ssh alex@remote-host
Now run the Ubuntu image, which can be used to run passwd alex as root.
docker run -v /etc/:/etc/ -ti ubuntu
The -v /etc/:/etc/ flag mounts the host’s /etc/ folder, including the passwd and shadow files, into the container.
Originally I used the --privileged flag, which adds additional Linux capabilities and permissions to the container. This actually wasn’t needed because you’re root inside the container and the /etc/ folder is also mounted as root.
Now I ran into a further issue: my DNS settings were broken and that meant that I couldn’t pull any new images from the Docker Hub. I couldn’t even edit /etc/resolv.conf or run any other commands to fix this. So I ran docker images to see if I had any existing images based upon Ubuntu which I could run instead, and it turned out that I did.
docker images
In the end I actually used an old image called alexellis2/squid which was Ubuntu plus the Squid caching HTTP proxy.
Now that I had a root shell, I just ran:
/ # passwd alex
Changing password for alex
New password:
Retype password:
passwd: password for alex changed by root
In conclusion
That was relatively painless. There was no need to boot into recovery mode, or to use a USB pen-drive, or to thrash around on the Internet for posts titled “resetting my password on Linux”.
We should perhaps be slightly worried that Docker requires users to be in the root group, and that it’s so easy to elevate into full root on the host from Docker, but this is now generally accepted.
Some companies like Red Hat will recommend that you use their alternative (podman) instead. They also recommend that users are not added to the Docker group for the reasons we discussed, but let’s be practical here. This is a configuration we are likely to encounter, and we should understand what it means and how it can be useful for recovering a system.
Work is being done to make Docker and its spin-off project containerd run without root privileges. When that becomes mainstream, this hack will no longer work, and I think that’ll be a good thing.
Now, we could have also avoided this mess if I’d set my user to be allowed to run sudo commands without a password. This is also frowned upon as a practice, but for home usage, it could make your life easier.
To update your user to run sudo without a password prompt, run visudo to open an editor. It will start editing /etc/sudoers. Next add a line for your user or group.
Apply the setting to all users in the sudoers group:
%sudoers ALL=(ALL) NOPASSWD: ALL
Apply the setting to a single user:
alex ALL=(ALL) NOPASSWD: ALL
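Both shortcuts discussed above (membership of the docker group and NOPASSWD sudo rules) give an account root without a password, so it is worth knowing which accounts on a host have them. The script below is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts holding either password-less route to root.
# Each function defaults to the live system file; pass a path to audit a copy.

# Users who can reach the Docker daemon through the "docker" group:
# supplementary members in the group file plus users whose primary GID matches.
docker_group_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0
    {
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# The user or %group at the start of every active sudoers rule tagged NOPASSWD.
# Lines starting with "#" are comments unless a digit follows (sudoers UID syntax).
nopasswd_principals() {
    sudoers_file=${1:-/etc/sudoers}
    awk '/^[ \t]*#([^0-9]|$)/ { next }
         /NOPASSWD[ \t]*:/    { print $1 }' "$sudoers_file" | sort -u
}

# Constructed sample data (not from a real host) so the script runs anywhere.
demo=$(mktemp -d)
printf '%s\n' 'sudo:x:27:alex' 'docker:x:999:alex,ci' > "$demo/group"
printf '%s\n' 'alex:x:1000:1000::/home/alex:/bin/bash' \
              'build:x:1001:999::/home/build:/bin/sh' > "$demo/passwd"
printf '%s\n' '# alex ALL=(ALL) NOPASSWD: ALL' '%sudo ALL=(ALL:ALL) ALL' \
              'alex ALL=(ALL) NOPASSWD: ALL' > "$demo/sudoers"

echo "Root-equivalent via the docker group:"
docker_group_users "$demo/group" "$demo/passwd"
echo "sudo without a password:"
nopasswd_principals "$demo/sudoers"
```

On a real host, call the functions without arguments as root, and run nopasswd_principals over each file in /etc/sudoers.d/ as well, since rules can live there too.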
Further resources:
ssh-keygen can be used to generate an SSH key, and ssh-copy-id can be used to copy it to a remote machine for password-less login.
You can find out more options for sudo access via man sudo, or the excellent Arch Linux Wiki.
“Single User Mode” can also be used in Linux distributions to reset your root password. This process is a little more involved and you will require a keyboard and monitor, or a serial console in the cloud. Vultr have an excellent article for various Linux distributions.