Reset Passwords and SSH Keys in Fedora CoreOS

<?xml encoding="utf-8" ??>

Introduction

Use these steps if you are locked out of your Fedora CoreOS instance or need to change passwords or SSH keys. You must boot into single-user mode to regain access.

1. Boot in Single User Mode

1. Access the instance console in the Vultr customer portal.

   

2. Click the Send CtrlAltDel button on the top right of the web console.

   

   You can also click the Server Restart icon.

   

3. As the system boots, press E to edit the GRUB boot options. This happens quickly, you have approximately one second to intercept the boot process. If you miss the prompt, restart the server and try again.

4. Find the kernel line starting with linux.

5. Remove the console option that reads console=ttyts0,115200n8.

   

6. Add single to the end of the kernel line.

7. Press CTRL+X to start.

   

8. The system will boot to rescue mode. Press ENTER for single-user (maintenance) mode.

   

2. Change the Core User Password

1. As root, use the passwd utility to change the core user password.

   # passwd core
   Changing password for user core.
   New password:
   Retype new password:
   passwd: all authentication tokens updated successfully.
   

2. Reboot the system:

   # /sbin/reboot -f
   

3. Change the Core User SSH key

1. Log in with the web console as core with the new password.

2. Add a new public key to ~/.ssh/authorized_keys.d/. Choose a logical filename for the key.

   📝 Note: The web console does not support copy and paste. The easiest method is to upload the key to a public site, then use curl. Delete the key from the website when finished.

   $ curl https://example.com/id_rsa.pub >> ~/.ssh/authorized_keys.d/new_public_key
   

3. Set the permissions for the new public key.

   $ chmod 600 ~/.ssh/authorized_keys.d/new_public_key
   

4. Recommended: Lock the core user password.

   $ sudo passwd -l core
   passwd: success
   

5. Log out of the web console.

6. Log in as core via SSH with your new key.