commit 589879f0cedaca217af217a036d9ca286dff6e69 from: Alex Arx date: Sat Mar 08 10:56:20 2025 UTC add an article on resetting passwords in OpenBSD single-user mode commit - 8d8aa43123fc37b4de387a2db113c8f701f44009 commit + 589879f0cedaca217af217a036d9ca286dff6e69 blob - 53fc05fb97e57b9e2fbb67a70d79f016777dc6ec blob + bfe74c48a3175fe2850ed3363e594893bc723f5c --- art/21.install_openbsd_with_encrypted_home.txt +++ art/21.install_openbsd_with_encrypted_home.txt @@ -1,4 +1,7 @@ -INSTALL OPENBSD WITH ENCRYPTED /HOME +Title: Install OpenBSD with encrypted /home +Author: Alexander Arkhipov +Created: 2025-03-07 +Modified: 2025-03-08 Boring intro blob - /dev/null blob + b06df359c195ba273c73249b6b55a90d68443534 (mode 644) --- /dev/null +++ art/22.resetting_passwords_in_single_user_mode_on_openbsd.txt @@ -0,0 +1,53 @@ +Title: Resetting passwords in single-user mode on OpenBSD +Author: Alex Arch +Created: 2025-03-08 +Modified: 2025-03-08 + +Recently I've been careless with my password management, and lost +passwords for my openbsd.amsterdam VM. Thankfully, the system is pretty +DIY, and I was able to reset them by running the VM in single user mode. + +It's pretty simple to do, really. Here's how. + +The below commands are only really specific to openbsd.amsterdam up +until the boot prompt. After that it's the same so long as you have a +physical (in my case a "physical" serial) connection to the machine. + +$ ssh myuser@serverXX.openbsd.amsterdam +$ vmctl status | awk '$7 == "myuser" {print $9}' +vmX +$ vmctl stop -w vmX && vmctl start -c vmX + +Wait a bit, and you should get the boot prompt (">"). Quickly type +"boot -s": + +> boot -s + +Prompted for the path to shell, either just press enter, or type +/bin/ksh if you need that. + +Enter pathname of shell or RETURN for sh: /bin/ksh + +Finally, you can customise your input. + +# kbd us.dvorak +# set -o vi + +Remount the root partition as read-write, and mount the /usr partition +(you'll need passwd(1), which is in /usr/bin/passwd). + +# mount -uw / +# mount -w /usr + +If that doesn't work, you might find 'sysctl hw.disknames' and +disklabel(8) to be helpful. + +Regardless, after mounting the necessary partitions, you should be able +to reset the passwords and reboot. + +# passwd root +# passwd myuser +# reboot + +If you are on a serial console like me, press ~. (tilde dot), possibly +preceeded by Return (Enter) to disconnect. blob - eaa4661ab010a4560b60dea798333b4e6fe676b1 blob + c3ecbfb77afdab305b96fc448fe1460b5c770c82 --- plan.txt +++ plan.txt @@ -21,3 +21,9 @@ Entry: 2025-03-07 Install OpenBSD with encrypted /home: art/21.install_openbsd_with_encrypted_home.txt + + +Entry: 2025-03-08 + +Resetting passwords in single-user mode on OpenBSD +art/22.resetting_passwords_in_single_user_mode_on_openbsd.txt