Linux: A Practical Guide to Resetting a Lost Password

Losing a password on a Linux system can quickly become a critical obstacle, whether it’s a workstation, a corporate server, or even a Raspberry Pi used at home. Fortunately, the Linux ecosystem, rich with distributions such as Ubuntu, Debian, Fedora, Arch Linux, CentOS, Linux Mint, openSUSE, Manjaro, Raspberry Pi OS, and Red Hat, offers several robust methods for recovering or resetting a forgotten password. These methods vary depending on system configuration, hardware access, and boot environments, but they always share a common goal: securely restoring access to the legitimate user while minimizing risks to data integrity. This practical guide takes you step-by-step through these essential tasks, explaining the underlying system mechanisms, illustrating the commands, and offering pragmatic advice for effectively managing a reset without compromising security.

Complete Procedure for Resetting a Linux Password with a Live USB

When the user or root password is lost, one of the most secure and versatile methods for recovering it is through a Linux live environment, usually booted from a bootable USB drive. This technique applies to most popular distributions like Ubuntu, Debian, Fedora, or Arch Linux, and provides full control over system files without modifying the existing installation.

Creating and Booting from a Linux Live USB

To begin, it’s essential to have a bootable USB drive containing a Linux image. Tools like Rufus or Ventoy facilitate this creation. Ventoy, for example, is particularly useful for storing multiple ISO images on a single drive, a real asset for system administrators who juggle between distributions like CentOS, openSUSE, or Linux Mint. After preparing your USB drive, you’ll need to change the boot order in the BIOS/UEFI or use the Boot Menu (often accessible via the F8, F12, or Esc keys, depending on the manufacturer) to boot from the drive. This step boots a temporary Linux system without overwriting the local installation.

Identify and Mount the System Partition

Once in the Live environment, open a terminal. The lsblk command lists all storage devices and their partitions:

lsblk

Locate your primary drive (often named sda) and its root partition (e.g., sda2). The sizes and labels indicated help identify the correct partition, which is essential to avoid making a mistake. Once identified, mount this partition on a mount point to access it. For example:

sudo mount /dev/sda2 /mnt

This mount exposes the entire file system installed on the partition, without overwriting or modifying anything at this stage.

Changing the system root to work on the actual installation (chroot)

The chroot (change root) command is a fundamental trick that switches the context of commands to the mounted partition:

sudo chroot /mnt

You are then in your system stored on disk, even if you booted from the live USB drive. All changes, including password resets, will be applied directly to your system.

Resetting the user or root password

Before changing a password, it is useful to check the list of user accounts:

ls /home

This command lists the user directories, indicating the names of the accounts present. To change a user’s password, the following command is used:

passwd user

For example, to reset the password for the user “alice”:

passwd alice

The system will then ask for the new password twice for confirmation. Note that in this terminal, the keyboard is often configured in QWERTY by default, so be careful with the characters entered.

To change the root password, when in chroot, the command is simpler:

passwd

This directly modifies the superuser password. This step is crucial to regain full access if this password is lost.

Finalize and reboot the system

Once the changes are made, exit the chroot environment and restart the computer:

  • exit to exit chroot.
  • sudo reboot to reboot.

Don’t forget to remove the USB drive or reconfigure the boot order to boot naturally from the disk.

Using GRUB to Reset a Lost Password on Linux

The GRUB (Grand Unified Bootloader) bootloader is a key step for accessing different versions of Linux installed on a machine and offers an intuitive method for resetting a password without a USB drive. This method is ideal for popular distributions such as Ubuntu, Fedora, openSUSE, and Arch Linux.

Accessing and Modifying GRUB Boot Options

When the system boots, press the SHIFT or Esc key to display the GRUB menu. Some distributions hide this menu by default, so it’s important to know how to force its appearance.

Once in the menu, navigate to the entry corresponding to the Linux installation (e.g., “Ubuntu”), then press the e key to edit the boot options.

You will see an editor displaying several lines, including one beginning with “linux.”

Modify the settings to boot in root mode

On this line, you must:

  • Remove the options ro quiet splash $vt_handoff, which correspond to read-only mount directives and silent graphics mode.
  • Replace them with rw init=/bin/bash. This modification instructs the system to mount the partition read-write (rw) and directly launch a bash shell as the initial process.

Then, press CTRL + X or F10 to boot with these modified settings. In a few moments, a root prompt will appear:

root@(none):~#

Resetting passwords from the root shell

In this context, the system is minimalist and does not require a password for root access, which makes repairs easier. Simply type:

passwd user

or passwd to change the root password. Remember to mount the system partition read-write if necessary:

mount -o remount,rw /

Once the password is changed, reboot the system normally with:

exec /sbin/init

The system will finish booting normally and you will be able to log in with the new password.

Using recovery mode to change a password

If the root password is known, it is also possible to use the recovery mode accessible via the GRUB menu:

  • Select Advanced options for Ubuntu or the equivalent on your distribution.
  • Choose recovery mode.
  • Access the root command line using the “root shell prompt.”
  • Change passwords as usual with passwd.

This method is often preferred for maintenance operations without a USB drive.

https://www.youtube.com/watch?v=OTuA_TQ-eHk

Resolving GNOME Keychain Errors After Password Reset

It’s not uncommon to see an error message at login after resetting your password on distributions like Ubuntu, Fedora, or Linux Mint: “Your password does not match the password in the directory.” This message indicates a mismatch between the user account password and the one used to unlock the GNOME Keychain, the tool that stores Wi-Fi, SSH, VPN, and other confidential data.

Managing the GNOME Keychain with Seahorse

To fix this problem, you need to synchronize or reset this keychain. The Seahorse graphical tool allows you to easily manage stored passwords:

  • Launch Seahorse from the menu or with the seahorse command in a terminal.
  • In the “Login” section, right-click the keychain in question and choose Delete.
  • Confirm the deletion, as this will erase all saved passwords (Wi-Fi, SSH, etc.).
  • Log out or reboot to have the keychain automatically recreated the next time you log in.

To avoid data loss, it is recommended to back up passwords before this operation if possible.

Manually create a new keychain

If the keychain is not automatically recreated after deletion, it is possible to do so manually via Seahorse:

  • Select Add Password, then New Keychain.
  • Name this keychain and set a new password, ideally the same as the user account password to avoid future errors.
  • Then restart the session.

These steps ensure a smooth user experience after password recovery.

https://www.youtube.com/watch?v=sUp5ZKtXo1M

Best practices and recommendations for securing your Linux system after a reset

The ease of resetting a password on Linux, while a lifesaver, highlights the importance of a good security policy, especially on distributions used in enterprises like Red Hat, CentOS, or Debian. Physical access to a machine opens the door to almost complete intrusion if no additional measures are taken.
Secure Physical Access and the Boot Loader

To prevent anyone from modifying GRUB settings or booting from a Live USB, several safeguards should be implemented:

  • BIOS/UEFI Protection: Add a password to prevent unauthorized modifications.
  • GRUB Password: This prevents unauthorized editing of boot options that allow launching a root shell.
  • Disk Encryption with tools like LUKS or VeraCrypt: Even when accessing a Live USB, data remains protected.
  • Limit physical access to critical machines as much as possible.

Implement backup and access management procedures

Beyond physical protection, good password and permission management is essential on Linux:

  • Use complex and distinct passwords for user and root accounts.
  • Implement a Linux-compatible password manager such as nmcli for network management and easy integration.
  • Document access and regularly change sensitive passwords.
  • Train users to never share their passwords in plain text.

Use notification and monitoring tools

Some open source projects offer advanced features to monitor system status and detect anomalies that could indicate unauthorized access:

  • Linux implements a standardized system to alert the user space of critical hardware failures, such as GPU failures.
  • The use of logging systems with real-time analysis is recommended to track user account changes.
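As an added example (not from the original article) of tracking account changes: a reset made from a live USB or an init=/bin/bash shell runs while the installed system's logging is not active, so it typically updates the last-change day in /etc/shadow without a matching pam_unix log line. The script below flags such accounts; the function names, sample log lines, host name and hashes are constructed, and ISO-8601 log timestamps are assumed.

```sh
#!/bin/sh
# Added example, not from the article. Assumes ISO-8601 log timestamps
# (for instance the output of journalctl -o short-iso).

# unlogged_password_changes SHADOW LOG
# Prints accounts whose shadow "last changed" day has no logged password change.
unlogged_password_changes() {
    awk -F: '
    function days(s,   y, m, d, era, yoe, doy) {  # "YYYY-MM-DD..." -> days since 1970-01-01
        y = substr(s, 1, 4) + 0; m = substr(s, 6, 2) + 0; d = substr(s, 9, 2) + 0
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    FILENAME == ARGV[1] {                         # pass 1: the auth log
        day = days($0)
        if (first == "" || day < first) first = day
        if (match($0, /password changed for [^ ]+/))
            seen[substr($0, RSTART + 21, RLENGTH - 21), day] = 1
        next
    }
    {                                             # pass 2: name:hash:lastchg:...
        # Skip locked or passwordless accounts and changes older than the log.
        if ($2 ~ /^[!*]/ || $2 == "" || $3 == "" || first == "" || $3 + 0 < first) next
        # Allow one day either side for the UTC vs local-time boundary.
        for (k = -1; k <= 1; k++) if (($1, $3 + k) in seen) next
        print $1
    }' "$2" "$1"
}

# Constructed sample data: hashes are placeholders, addresses are documentation ranges.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/auth.log" <<'EOF'
2024-04-20T08:00:01+00:00 srv1 sshd[901]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
2024-05-02T09:14:07+00:00 srv1 passwd[2211]: pam_unix(passwd:chauthtok): password changed for alice
2024-05-09T07:30:44+00:00 srv1 sshd[3010]: Accepted password for bob from 192.0.2.10 port 50311 ssh2
EOF
    cat > "$dir/shadow" <<'EOF'
root:!:19700:0:99999:7:::
alice:$y$PLACEHOLDER:19845:0:99999:7:::
bob:$y$PLACEHOLDER:19851:0:99999:7:::
carol:$y$PLACEHOLDER:19600:0:99999:7:::
EOF
    unlogged_password_changes "$dir/shadow" "$dir/auth.log"
    rm -rf "$dir"
}
demo
```

A flagged account is a prompt to ask who changed the password and how, not proof of intrusion: log rotation, a different log format or a clock change can also produce a mismatch.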
https://www.youtube.com/watch?v=PFU3sjNxZZY
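The GRUB password safeguard listed under “Secure Physical Access and the Boot Loader” can be verified from the generated configuration. The script below is an added example, not part of the original article: it reads a grub.cfg and reports whether editing a boot entry requires a superuser password. The function names, status labels and sample configurations are assumptions made for the illustration, and the hash is a placeholder.

```sh
#!/bin/sh
# Added example, not from the article. Reports whether a grub.cfg lets anyone
# at the console edit a boot entry (the "e" key) without authenticating.

# grub_edit_status FILE prints one of:
#   unprotected  no superusers set: entry editing is open to anyone
#   no-password  a superuser is named but has no password line
#   plaintext    a superuser password is stored in clear text in the file
#   protected    every superuser has a password_pbkdf2 hash
grub_edit_status() {
    cfg=$1
    # GRUB accepts space, comma, semicolon, pipe or ampersand between names.
    users=$(sed -n 's/^[[:space:]]*set[[:space:]]*superusers=//p' "$cfg" |
            tr -d "\"'" | tr ',;|&' '    ')
    [ -n "$(echo $users)" ] || { echo unprotected; return 0; }
    status=protected
    for u in $users; do
        kind=$(awk -v u="$u" '$2 == u && $1 ~ /^password(_pbkdf2)?$/ {print $1; exit}' "$cfg")
        case $kind in
            password_pbkdf2) ;;
            password) status=plaintext ;;
            *) echo no-password; return 0 ;;
        esac
    done
    echo "$status"
}

# Constructed sample configurations (the hash is a placeholder, not a real one).
# --unrestricted lets an entry boot without a password; editing it still needs one.
sample_open() {
    printf '%s\n' 'menuentry "Ubuntu" {' '  linux /vmlinuz root=/dev/sda2 ro quiet splash' '}'
}
sample_locked() {
    printf '%s\n' 'set superusers="admin"' \
        'password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER' \
        'menuentry "Ubuntu" --unrestricted {' '  linux /vmlinuz root=/dev/sda2 ro quiet splash' '}'
}
sample_weak() {
    printf '%s\n' 'set superusers="admin,ops"' \
        'password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER' 'password ops hunter2'
}

# check NAME: write the named sample to a temp file and print its status.
check() {
    tmp=$(mktemp) && "sample_$1" > "$tmp" && grub_edit_status "$tmp"
    rc=$?; rm -f "$tmp"; return $rc
}

for s in open locked weak; do echo "$s: $(check "$s")"; done
```

On a real host, call grub_edit_status on the generated configuration file, whose path varies by distribution.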