I had to go through an exercise of accessing a number of a clients servers and reset the root password. They didn’t have it documented anywhere and couldn’t access any of the systems at all.
With console access it’s not so difficult.
Reboot the server and at the grub screen hit ‘e’ to edit the defaults entry.
Find the line that loads the kernel that looks something like:
linux /boot/vmlinuz-4.19.0-8-amd64 root=UUID=96a721bf-d04b-435e-8904-7f8282813b07 ro cgroup_enable=memory swapaccount=1 quiet
and add onto it
linux /boot/vmlinuz-4.19.0-8-amd64 root=UUID=96a721bf-d04b-435e-8904-7f8282813b07 ro cgroup_enable=memory swapaccount=1 quiet init=/bin/bash
Then press CTRL+X to boot the system with this temporary option. It should start pretty quickly and leave you at a bash prompt.
Remount the filesystem as read-write:
mount -o remount /
and then reset the password to whatever you like.
You will probably have to power cycle to reboot as we don’t have a proper init running.
When you’re back up and running you might want to check out the
/etc/ssh/sshd_config and add in options for
PermitRootLogin yes and
AllowPasswordAuthentication yes so you can get to the system using ssh. Don’t leave it this way. Once you’re in you can then reset the users ssh
authorized_keys to contain something you actually have access to.