Single User Mode - Password Recovery
Use single user mode to assist in troubleshooting system boot issues or for password recovery.
To enter single user mode:
Boot the switch. When you see the five-second countdown, press esc or F4 to go to the GRUB menu, then use the arrow keys to select Advanced options for Cumulus Linux GNU/Linux. (If you press esc or F4 more than one time, the GRUB CLI opens. Type
normal, then press Enter to go back to the countdown timer.)Before the GRUB menu appears, the switch goes through the boot cycle. Do not interrupt this autoboot process when you see the following lines; wait until you see the GRUB menu.
... USB0: Bringing USB2 host out of reset... Net: eth-0 SF: MX25L6405D with page size 4 KiB, total 8 MiB Hit any key to stop autoboot: 2GNU GRUB version 2.02+dfsg1-20 +----------------------------------------------------------------------------+ |*Cumulus Linux GNU/Linux | | Advanced options for Cumulus Linux GNU/Linux | | ONIE | | | +----------------------------------------------------------------------------+Select Cumulus Linux GNU/Linux, with Linux 4.19.0-cl-1-amd64 (recovery mode).
GNU GRUB version 2.02+dfsg1-20 +----------------------------------------------------------------------------+ | Cumulus Linux GNU/Linux, with Linux 4.19.0-cl-1-amd64 | |*Cumulus Linux GNU/Linux, with Linux 4.19.0-cl-1-amd64 (recovery mode) | | | +----------------------------------------------------------------------------+After the system reboots, set a new root password. The root user provides complete control over the switch.
root@switch:~# passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfullyYou can also take this opportunity to reset the password for the cumulus account or other user accounts. You can set the user account password to expire upon the next login with the
passwd <user-account> --expirecommand. Or to change the password for a user account, run thepasswd <user-account>command. For information about user accounts, refer to User Accounts.The following example changes the password for the cumulus user:
root@switch:~# passwd cumulus Enter new UNIX password: Retype new UNIX password: passwd: password updated successfullyIf you manage the switch configuration with NVUE commands, you must also change the password for the cumulus user in the
/etc/nvue.d/startup.yamlconfiguration file. Obtain the new password’s SHA hash with the following command:root@switch:~# /usr/bin/grep cumulus /etc/shadow | /usr/bin/cut -d ":" -f 2 $y$j9T$Iytj2XM4L1RUT82vS6gge1$APrp2ETA6tsxOVDzNkq3Li478VgZIexe3ToFDYBqb/.Use the output of the command to edit the
/etc/nvue.d/startup.yamlfileroot@switch:~# nano /etc/nvue.d/startup.yaml system: aaa: user: cumulus: hashed-password: $y$j9T$Iytj2XM4L1RUT82vS6gge1$APrp2ETA6tsxOVDzNkq3Li478VgZIexe3ToFDYBqb/. role: system-adminIn Cumulus Linux 5.9 and later, user passwords must include at least one lowercase character, one uppercase character, one digit, one special character, and cannot be usernames. In addition, passwords must be a minimum of eight characters long, expire in 365 days, and provide a warning 15 days before expiration. For more information about the password security policy, refer to Password Security.
Sync the
/etcdirectory, then reboot the system:root@switch:~# sync root@switch:~# reboot -f Restarting the system.