How to Reset the OPNsense Root Password

Overview

This article explains how to reset the OPNsense root password if you find yourself locked out of the WebGUI and console menu.

How to Reset the Root Password

Since OPNsense password protects its console menu by default, you will need to enter "Single User" mode to reset the root password.

• Power off the Vault
• Attached a monitor and keyboard or COM cable to the Vault
• Power on the Vault and allow OPNsense to boot
• Once the OPNsense "Welcome Menu" is visible select "Boot Single User" by pressing '2' on the keyboard.

• Allow single user to load until you are greeted with "Enter full pathname of shell or RETURN for /bin/sh: "
• Press the 'Enter' or 'Return' key to display command-line prompt
• Mount the root partition by typing the following command:

If OPNsense was installed using UFS use the following command

# /sbin/mount -o rw /

If OPNsense was installed using ZFS use the following command ( please note there is a space after -u and the last / on the first command)

# /sbin/mount -u /

# /sbin/zfs mount -a

• Press enter
• With the root partition mounted you can issue a password reset using the following command

# opnsense-shell password

• Press enter
• When asked "Do you want to proceed?" enter 'Y' and press enter
• You should now be asked to enter a new password, then again to confirm the password

• Once you see the message "The root user has been reset successfully" issue a reboot command by typing the following command

# reboot

• Press enter and allow the system to gracefully reboot
• Once OPNsense fully reboots verify the new password was successfully applied by logging into the WebGUI or console menu using the root user account

At this point root access should be regained, if not attempt the steps again. If you experience any issues, please feel free to reach out to us at support@protectli.com