How To Change The Root Password In Linux : Secure Shell Password Reset Steps

by

System administrators often need to update the root password to maintain server security. If you are wondering how to change the root password in linux, this guide walks you through the process step by step. Whether you have access to the current password or need to reset it from recovery mode, we cover both scenarios.

Changing the root password is a common task for anyone managing a Linux server. It helps protect against unauthorized access and ensures only trusted users have full system control. You might need to do this after hiring a new admin or if you suspect a security breach.

In this article, we explain multiple methods to change the root password. You will learn the command-line approach, the recovery mode method, and tips for setting strong passwords. Let’s get started.

Why You Need To Change The Root Password

The root account has unlimited access to your Linux system. If someone else knows the password, they can change settings, delete files, or install malicious software. Regularly updating the password reduces these risks.

Common reasons to change it include:

  • Employee turnover in your IT team
  • Compliance requirements for security audits
  • Suspected compromise of current credentials
  • Initial setup after installing a new server

Even if you are the only user, changing the password periodically is a good practice. It prevents accidental leaks and keeps your system secure.

How To Change The Root Password In Linux

This section covers the standard method using the passwd command. You need current root access or sudo privileges to proceed.

Step 1: Open A Terminal

Log into your Linux system as a regular user with sudo rights, or directly as root. Open a terminal emulator. On most desktop environments, you can find it in the applications menu.

Step 2: Switch To Root Or Use Sudo

If you are logged in as a regular user, use the sudo -i or su - command to become root. You will be prompted for your user password (if using sudo) or the current root password (if using su).

Step 3: Run The Passwd Command

Type passwd and press Enter. The system will ask you to enter the new password twice for confirmation.

  1. Enter your new root password
  2. Re-enter it to verify
  3. Wait for the success message: “passwd: password updated successfully”

That is all. The root password is now changed. Make sure you remember it or store it in a secure password manager.

Important Notes About The Passwd Command

  • The password is not shown on screen as you type
  • You cannot use a password shorter than the system’s minimum length (usually 6 characters)
  • Some systems enforce complexity rules, like requiring uppercase, numbers, or symbols

Changing Root Password Without Current Access

What if you forgot the root password? Do not worry. You can reset it using recovery mode or a live CD. This method works on most Linux distributions.

Method 1: Using Single-User Mode (GRUB)

Single-user mode gives you a root shell without a password. Follow these steps:

  1. Reboot your system
  2. During boot, press and hold the Shift key (or Esc on some systems) to enter the GRUB menu
  3. Select the kernel you want to boot and press ‘e’ to edit
  4. Find the line starting with “linux” or “linux16”
  5. Add single or init=/bin/bash at the end of that line
  6. Press Ctrl+X or F10 to boot
  7. You will get a root shell. Type passwd and set a new password
  8. Type reboot to restart normally

This method works on Ubuntu, Debian, CentOS, and many others. The exact key to enter GRUB may vary, so check your distribution’s documentation.

Method 2: Using A Live USB

If you cannot access GRUB, use a live Linux USB. Here is how:

  1. Boot from a live USB (like Ubuntu Live)
  2. Open a terminal and become root with sudo -i
  3. Mount your system’s root partition. For example: mount /dev/sda1 /mnt
  4. Change root to that partition: chroot /mnt
  5. Run passwd and set the new password
  6. Exit chroot with exit, unmount the partition, and reboot

Make sure you know which partition holds your root filesystem. Use lsblk or fdisk -l to list them.

Setting A Strong Root Password

A weak password defeats the purpose of changing it. Follow these guidelines when choosing a new password:

  • Use at least 12 characters
  • Include uppercase letters, lowercase letters, numbers, and symbols
  • Avoid common words, names, or dates
  • Do not reuse passwords from other accounts
  • Consider using a passphrase, like “Purple-Monkey-42-Dishwasher!”

You can generate a random password with the openssl rand -base64 12 command. Store it securely.

Verifying The Password Change

After changing the password, test it to ensure it works. Log out of your current session and try logging in as root with the new password. Alternatively, use su - from a regular user account.

If you get an “Authentication failure” error, double-check your typing. Remember that passwords are case-sensitive.

Common Issues And Troubleshooting

Sometimes the password change does not go as planned. Here are frequent problems and solutions:

Issue 1: “Passwd: Authentication Token Manipulation Error”

This usually means you do not have sufficient privileges. Make sure you are root or using sudo.

Issue 2: Password Too Weak

Linux may reject weak passwords. Use a stronger combination or temporarily disable password quality checks (not recommended for production).

Issue 3: Cannot Boot Into Single-User Mode

Some systems have GRUB password protection. If so, you need the GRUB password first. Alternatively, use the live USB method.

Issue 4: Changes Not Persisting After Reboot

If you used a live USB and forgot to chroot, the password change applied to the live system, not your installed one. Repeat the process with proper chroot.

Security Best Practices For Root Access

Changing the password is just one part of securing root. Consider these additional steps:

  • Disable direct root login via SSH by setting PermitRootLogin no in /etc/ssh/sshd_config
  • Use sudo for administrative tasks instead of logging in as root
  • Enable two-factor authentication for SSH
  • Regularly audit who has sudo access
  • Keep your system updated to patch vulnerabilities

These practices reduce the risk of unauthorized access even if someone learns the root password.

Frequently Asked Questions

Can I Change The Root Password Without Knowing The Current One?

Yes, you can use single-user mode or a live USB to reset it. These methods bypass the need for the current password.

What Is The Command To Change Root Password In Linux?

The command is passwd when run as root. Alternatively, use sudo passwd root from a sudo-enabled user.

How Do I Change Root Password In Ubuntu?

Ubuntu uses sudo by default. Run sudo passwd root and enter your user password, then set the new root password.

Is It Safe To Set An Empty Root Password?

No. An empty password leaves your system completely open. Always set a strong password.

What If I Get “Passwd: Password Unchanged” Error?

This error often occurs when the new password does not meet complexity requirements. Try a longer or more complex password.

Conclusion

Now you know how to change the root password in linux using both standard and recovery methods. The process is straightforward when you have current access, and recovery options exist if you do not. Always choose a strong password and follow security best practices to protect your system.

Remember to test the new password immediately after changing it. If you run into issues, refer to the troubleshooting section or consult your distribution’s documentation. Regular password changes are a simple yet effective way to maintain server security.

By mastering this task, you gain better control over your Linux environment. Whether you manage a single server or a fleet of machines, these skills are essential for any system administrator.