TL;DR – Linux root password recovery
- You need console access: Password recovery is easy once you can reach the bootloader, impossible if you cannot.
- Ubuntu, RHEL and Debian differ: The reset path changes at the boot stage, not at the
passwdstage. - RHEL usually needs extra care: If SELinux is enforcing, relabel after the reset if you used the
rd.breakpath. - Cloud boxes are their own case: Provider console or rescue access often matters more than distro knowledge.
Start here: If you only need the older distro-specific walkthroughs, start with How to Reset a Lost Root Password in Linux or How to Change the Ubuntu Root Password. This page puts the Ubuntu, RHEL and Debian approaches side by side.
| Distro | When | Recovery path |
|---|---|---|
| Ubuntu | Local VM or console access | Recovery mode -> root shell -> mount -o remount,rw / -> passwd |
| RHEL | GRUB available at boot | rd.break -> mount -o remount,rw /sysroot -> chroot /sysroot -> passwd |
| Debian | GRUB edit or recovery shell | single-user shell -> passwd -> reboot |
| Cloud VM | Lost SSH only | Use provider console or rescue workflow first |
At a command level, password recovery is not complicated. The complication is getting a writable root shell on the right system in the right state. That is why so many root-password guides feel longer than the command they are built around.
What this guide actually covers
This guide is for situations where you own the machine or VM, can reach GRUB or a recovery console, and need to reset a lost or unknown root password. It is not a bypass trick for managed hosting. If you only lost SSH access but still have another privileged user, that is a simpler problem.
Ubuntu: recovery mode is the clean path
On Ubuntu, the recovery menu is usually the least dramatic option. Drop to the root shell, remount the root filesystem read-write, reset the password, then reboot. If you normally administer the box with sudo rather than root, consider whether you really need to enable direct root login afterwards.
RHEL: use rd.break and remember SELinux
RHEL is the one that catches people because the reset often happens from an initramfs shell rather than a friendly recovery menu. If SELinux is enforcing and you skip the relabel step after changing the password from that environment, you can create a second login problem.
Debian: same goal, simpler boot semantics
Debian recovery tends to be conceptually closer to Ubuntu than to RHEL. The pattern is still the same: get a root shell, remount read-write if necessary, reset the password, reboot cleanly.
The caveats that matter in real environments
- Encrypted disks: Recovery still depends on being able to unlock the volume at boot.
- Cloud VMs: You may need hypervisor console access, not just SSH.
- Modern admin habits: Many teams should reset a privileged sudo-capable user instead of leaning on the root account.
- Change windows: If the machine is critical, capture the steps before you reboot into recovery.
Once access is restored, the next job should usually be hardening, not celebration. Pair this with Linux SSH Hardening Checklist for Small Servers and Home Labs if the box is remotely accessible.