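A previous post discussed how to change an ESXi host's password from vCenter, but that requires the ESXi host to still be running normally in vCenter. In some cases vCenter is no longer available and that method cannot be used. That leaves two other methods: 1. resetting the password with the installation CD (the officially supported method); 2. resetting the password with a Linux Live CD. The first is not covered here; this post focuses on the second.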

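Principle: an ESXi host is in effect a Linux system, and the root user's password is stored in /etc/shadow. The password portion of that entry can be cleared and the ESXi host started again; root then has an empty password, and after logging in you change the password.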

As with any system there may arise a situation in which the root login has been misplaced or forgotten. The below process will show you how to reset the password for root back to a blank password. This is not supported by VMware and you might consider running a repair install of ESXi instead of this process. A repair install will overwrite the system partitions of an ESXi install but preserve any VMFS datastores. After a repair install one can add the existing VMs back to inventory by browsing the datastore, right clicking on VMX files and selecting Add to Inventory. Note that changing the password of root back to blank will prevent the mounting of any NFS datastores as these depend on the root login to authenticate with the NFS server.

This process does require some sort of physical access to the host as it will require booting it with an alternate OS. In the below example I used the Slax Linux Live CD. Please note that I tested this process on a test server with no VMs. It was basically a fresh install on which I changed the root password and created another login. I then used this process to reset the password of root and rebooted the host. After the reboot I could login with no password for root and the other account worked fine as well. While I think this is a relatively safe process, if I were doing this on a live system I would ensure that I had backups of the VMs and if possible a configuration backup for ESXi.

If you do want to retrieve the root or other password, you can use the initial steps to retrieve a copy of the shadow file. Then use a tool like John the Ripper (jtr) to crack the password. If a common word / passphrase was used for the password and you use an extensive password list with jtr, then you may be able to retrieve the password in a fairly short time frame.

1) The below image was taken from the console of the ESXi host and the output of cat /etc/shadow shows the encrypted password for the root login. You may wish to record the password hash should you wish to reverse this change.

2) After the host was shut down, I booted up with the Linux live CD. I then ran the commands fdisk -l and ls -l /mnt/sda5/ / ls -l /mnt/sda6/ to determine the location of the most recent state.tgz file. Note that if you're using ESXi Embedded then you may only see local.tgz instead of state.tgz and you should then copy and recreate that file. In my below example, ESXi was a fresh install so /sda6 has no files but boot.cfg. When booting ESXi on this host, /sda5 would be mounted as /bootbank and /sda6 as /altbootbank.

3) After determining where the most recent state.tgz file was located, this was copied to /tmp. gzip and tar were then used to extract local.tgz from state.tgz. If you're using ESXi Embedded then you will copy local.tgz to tmp and run gzip and tar on that file. Once local.tar was extracted the cd etc command was run followed by vi shadow.

4) The below two images show the shadow file before and after editing. Essentially you'll want to have the root entry as root::13358:0:99999:7::: . Once you have removed the password hash, press ESC and to save the change type in :wq and press Enter. You can run cat shadow to confirm that the change was saved successfully.

5) Once the shadow file has been updated, you'll use cd .. to go back to /tmp and then run tar -czvf local.tgz etc to create the local.tgz file. If you're using ESXi Embedded then you'll copy this file to the drive where it came from in step 3. Otherwise you'll run tar -czvf state.tgz local.tgz to create state.tgz which should then be copied to the correct location. In the below image you'll notice that I don't always use the -v option with the tar command. This option displays a list of all files being processed by the command and would have resulted in larger screen output. It is entirely optional for this process, but can provide a good check to see if the right files are being processed. When running tar to extract the local file, a large number of files will be processed. I've also used the ls -l command a few times in the below image. This was done to ensure that the file copied correctly.
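
Added example (not part of the original post): this process leaves root with a blank password until a new one is set, so the sh function below classifies the password field of every entry in a shadow file and returns non-zero if any account has an empty one. The function names and the sample entries are assumptions constructed for illustration; only the root line is the one shown in step 4.

```shell
#!/bin/sh
# audit_shadow FILE
# Prints one "user:status" line per shadow entry, based on the second
# colon-separated field (the password field). Returns 1 if any entry has an
# empty password field (passwordless login), 0 otherwise.
audit_shadow() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                       # skip blank/comment lines
        NF < 2        { print $1 ":malformed"; next }     # no password field at all
        $2 == ""      { print $1 ":EMPTY"; empty = 1; next }
        $2 ~ /^[!*]/  { print $1 ":locked"; next }        # login disabled
        $2 ~ /^\$1\$/ { print $1 ":md5crypt"; next }
        $2 ~ /^\$5\$/ { print $1 ":sha256crypt"; next }
        $2 ~ /^\$6\$/ { print $1 ":sha512crypt"; next }
                      { print $1 ":other-hash" }
        END { exit empty + 0 }
    ' "$1"
}

# write_sample_shadow FILE
# Constructed sample data: the root entry is the edited form from step 4,
# the other accounts and hash strings are made up for this example.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root::13358:0:99999:7:::
nobody:*:13358:0:99999:7:::
admin2:$6$examplesalt$constructedhashvalue:13358:0:99999:7:::
legacy:$1$examplesalt$constructedhashvalue:13358:0:99999:7:::
EOF
}

# When run as a script with a path argument, audit that file,
# e.g. the extracted etc/shadow from step 3 or /etc/shadow on the host.
if [ "$#" -gt 0 ]; then
    audit_shadow "$1"
fi
```

A non-zero return after the reboot means the new root password has not been set yet; the md5crypt status marks entries whose hashes are the quickest to recover with a password list.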