Last updated on August 19, 2020 by Dan Nanni
When you create an LXC container, it will have the default username/password set up. The default username/password will vary depending on which LXC template was used to create the container. For example, Debian LXC will have the default username/password set to
root. Fedora LXC will have the root password set as expired, so it can be set on the first login. Ubuntu LXC will have
ubuntu as the default username/password. For any pre-built container images downloaded from third-party repositories, their default username/password will also be image-specific.
If you do not know the default username/password of your LXC container, there is an easy way to find the default username and reset its password.
First of all, make sure to stop the LXC container before proceeding.
$ sudo lxc-stop -n <container_name>
To find the default username created in an LXC container, open the
/etc/passwd of the container, which can be found at /var/lib/lxc/<container-name>/rootfs/etc/passwd of the LXC host. In the
passwd file of the container, look for "login-enabled" users, which have
/bin/bash (or something similar) listed as their login shell. Any of such usernames can be the default username of the container. For example, in the screenshot below, the usernames
sdn are login-enabled.
Any username which has
/bin/false as its login shell is login-disabled.
To reset the password of any login-enabled username, you can modify
/etc/shadow file of the container, which can be fount at
/var/lib/lxc/<container-name>/rootfs/etc/shadow of the LXC host. In Linux, the
/etc/shadow file stores one-way encrypted passwords (password hashes) of user accounts. Each line in
/etc/shadow is formatted as strings concatenated with
: delimeter. The first two strings represent a username and its encrypted password.
If the password field is set to
*, it means the user account is locked for access or completely disabled for login.
To reset the password of any login-enabled username, all you have to do is to remove the password hash of the username and leave the
: delimeter only. For example, for username
Similarly, to reset the root password, simply delete the password hash of the root.
With the password field set to empty, you will be able to login to the user account without any password from the console. Now start the container, and verify password-less console login.
Don't forget to set a new password using
passwd after successful login.
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.