Reset the Root password of your server in expert mode

If you have forgotten the 'root' password for your server in expert mode, you have the ability to reset it by following next procedure. Note that the support at Gandi does NOT have access to your password and thus cannot change or reset it.

Thanks to the way our virtual servers are built, changing the root password can be easily done by yourself in a few minutes.


This procedure requires the creation of a new temporary server on which you will have to attach the system disk tied to the password you want to reset.

Please login to owner's account of the server for which you want to reset the password and make sure you have at least enough credits for the operation.

Our billing system will let you create a server for just the time of the operation, and since the billing is done on an hourly basis, it will only cost you a few cents.


Create a new server

Please use the following page to create a new server in Classic mode by using your available share:

You will have to choose the right distribution and then validate the server's creation.

Detach and reattach the system disk

Stop the server for which you forgot the password and then detach the system disk. Afterward, attach the same disk to the newly created server. This will actually allow you to edit the '/etc/shadow' file listing the encrypted passwords.

Edit the password

Connect to the newly created server through SSH and check that the system disk from the previous server is correctly mounted (use the 'mount' for this purpose) and this is the result you should get

root@Haz:/home/toor# mount
/dev/xvda1 on / type ext4 (rw,noatime,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
tmpfs on /var/gandi type tmpfs (rw,relatime,size=24k,mode=755)
/dev/xvdb on /srv/DEBIAN6_64 type ext4 (rw,nosuid,nodev,noatime)

The mounting point of the disk should be associated to '/dev/xvdb' for the newly created server. In the above example, the mounting point is '/srv/DEBIAN6_64'.

Then, check in the file '/srv/nom_du_disque/etc/shadow' for the encryption mode used for the passwords. The first word is the user name then the password is encrypted after the ':'.


In order to know the encryption mode used, you simply have to refer to the first characters of the password:

  • MD5 → Start with '$1'
  • Blowfish → Start with '$2a'
  • SHA-256 → Start with '$5'
  • SHA-512 → Start with '$6'

So in our example, '$6$l4ItWWD.$xy0ZiLQ540cDl3MvhczwvRJ555zPeC' is encrypted through SHA-512. To create a new password with the right encryption, please use the following commande 'mkpasswd -m encryptage':

root@Haz:/home/toor# mkpasswd -m sha-512
Password : 

Edit the '/srv/nom_du_disque/etc/shadow' file and replace the former password (between a set of ”:”) like this:





To finish the procedure, detach the system disk from the new server and reattach it to the previous one. When you server is rebooted, you will be able to access it with your new password.

Of course you will be able to stop and delete the newly created server.

Last modified: 05/28/2013 at 14:45 by Ryan A. (Gandi)