Local root recovery procedure

Hi to the IPFire community,

I have recently installed IPFire to test it as a home firewall and it worked very nicely and smoothely from the start.

However, this morning, both password (root & admin) don’t work anymore - it’s not a typing mistake as, for instance, the admin password was saved in the browser I have been using to access the IPFire web GUI.

So is there a local root recovery procedure please that can be executed locally?

Many thanks!

As far as I know, there is no possibility to reset the root password. This is the main pw, because it gives you direct access to the system.
Latter is the reason why you cannot reset the pw without a reinstall. Otherwise this would be security problem.

Hope you have a recent backup for reinstall.
Sorry for the answer not being positive.



Many thanks for your swift response!

No local recovery, hum…, is that not a bit annoying, is it ?

If I’m right, this kind of local recovery procedure exists in a number of systems (linux or Unix-like), and that grants the local admin - who is often the legitimate system admin, let’s forget for a moment the "evil maid’ attack :slight_smile: - a way to re-access the system without having to reinstall.

In the present case, back up is not an issue at all - the system is a fresh install with just a few settings - it’s a kind of a oops.

Anyway, thanks very much for responding !

If you forget your root password then you cannot recover it as it is encrypted on the system.

However your case looks like you know the passwords but they no longer work so some corruption must have happened on your IPFire system.

If the password system is still working on your IPFire system then you can reset (not recover) the root password by following something like

Once you have the root password reset to a new one and you reboot the system then if you access the console using the new root password then you can run the setup command and enter a new admin password.

My personal view is that if the known correct passwords are no longer recognised then some bigger problem has occurred and the better approach would be a fresh install plus restore from a saved backup.

If you don’t have a saved backup then the above resetting the root password approach might be worth trying out.


This alone would concerns me quite a lot and I would NOT trust the system as it is. As a consequence, I would do a fresh reinstall.

Instead, if it happens that the user has forgot the passwords and he/she has physical access to the machine, then you follow the usual linux password reset procedure at boot, when you modify the grub configuration to drop in single use mode (as in @bonnietwin tutorial) or in a shell environment. As explained by @bonnietwin, once you have a console access, you reset the root password with passwd command. Next you reboot normally, enter as root using the new password and run again setup to reset also the admin password for the web user interface access.

Note: in any circumstance, you NEVER recover a password. You ALWAYS reset it to a new one.

EDIT: once you reset the root password, you might want to consider using ssh for a password-less login based on public/private key cryptography. It is considerably more secure and convenient than typing the credentials in the console. Also, in alternative you could create a non-root user, setup a password-less SSH login and put the user in the sudoers file. This way you log in with the public key of the not-privileged user, and then when needed you use sudo to issue privileged commands.


Did you consider that you might have the correct password but that the keyboard setting is not the same as when you configured your system?
Test your carakter set

Made this mistake once - :slight_smile:

Or Caps Lock is on. I have done that myself on a keyboard that had no light on the Caps Lock key when it was selected.


HI @cfusco and @bonnietwin, many thanks for your responses!

Well, as mentioned in the link shared by @bonnietwin, you can usually access, at boot time, kernel and then interrupt to get into shell etc.

But on my system, I have initially three lines in the first screen with the IPFire menu:

  • IPFire 2.27
  • Advanced options for IPFire 2.27
  • UEFI firmware settings

And when I chose the advanced options, then there is one line only: IPFire 2.27.

This is where the kernel line should be displayed, should it not? :upside_down_face:

So unless I am missing something obvious, it seems that on my system, it’s not possible to get into a classic linux / unix-like root recovery.

And I fully agree with @cfusco that this system can’t be trusted and that the way to go would be to do a fresh install…

Also fully in sync with @cfusco about locking the root account, that’s what I prefer to do with a linux OS but here it was so new… :sweat_smile: - and thanks also for pointing at the passwordless and non-root pages, will try it next.

The good thing is that I haven’t reached yet to the IPFire Hardening guide, but the links about non-root user helped to get there - thanks again!

A quick question about the admin profile used to access the GUI: what kind of profile/user is this? Is that a non-root user or it is something else? I looked in the wiki and community posts but didn’t find that answer.


Hi @zebulon and @bonnietwin

Indeed, these two cases can be really awkward - I had once such a keyboard issue and with vim, no way to use it properly !! :scream: It’s not the Capslock either, as when I type the user name (in that case ‘root’), it would be in capitals too but it wasn’t.

But it’s true, these are the kind of things that may prevent to use our IPFire…

PS: for the moment, I am just editing to correct typos :slight_smile:

If you used numerals in your password, then keys in the numeral row versus those in the numeric keypad can make a difference. Try putting in the password using the alternate key(s). Also try changing keyboards - PS/2 versus USB.

If you used older hardware for your trial-horse, then the HDD might be failing. Try booting a live Linux distribution - I suggest a recent GParted - then running fsck on the IPFire root file system. GParted also contains GSmartControl, which can identify greater degradation of a drive.

Hi @rodneyp many thanks for your message!

These are interesting suggestions, very good to know about them indeed; in the present case though, the keyboard is the one on the laptop running IPFire and there is no numeric pad, so there is basically one unique way to input the password.

So I am going to collect a few logs on the machine and then proceed to a new install.

Btw, sorry for repeating a question asked here above but it got lost in the responses :upside_down_face:

=> When you install IPFire, the user is prompted to create root and also an an admin. Wondering please what is that admin, from a system perspective : is it a non-root user or is it something else?

And if you create a non-root user in IPFire, as shown in the link shared earlier by @cfusco, will such user be able to log into the web GUI ?

Many thanks !

admin is for the WebGUI only. It is only used to access https://ipfire.localdomain:444

this might help:


1 Like

Hi @jon, many thanks for the swift response - that close the thread, heading to reinstall :smiley:

Many thanks again to everyone for your support and information here; speak soon!

1 Like