Any potholes to avoid when resetting root password?

Posted December 8, 2021 99 views
DigitalOceanUbuntu 16.04DigitalOcean Droplets

Hi, Our (VERY COMPETENT) developer passed away and I’m the CEO trying to fix an issue without creating any new ones. A couple of us have lost access to a droplet (via FileZilla). I believe I need to reset the root password for the droplet so I can go though the steps of storing an ssh key for the new laptops, etc.

I’m hoping this is a really dumb question: I’m concerned that resetting the root password would break our app because one of the software based puzzle pieces he used would require the old root password to have remained unchanged. I can’t imagine our developer would have built things this way. Is there a way I can verify a droplet’s root password is not being used for access? Anything I need to look out for?

Technology stack (major players):
Java 8
Spring Framework
Vaadin Framework
Ubuntu 16.04

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi @SideKickTools,

I really doubt someone would use root access for an application, it’s not very secure and it has the potential to cause such issues you are describing.

Having said that, I don’t believe there is a way to check if an app is using the root password. What you can do when you are logged in as root is to type the command last.

The last command searches the user information from the ‘/var/log/wtmp’ file and displays a list of all users who have logged in and out since the file was created.

Additionally, I don’t think anyone is using root passwords to connect to servers anymore rather SSH keys are being used. If your App required root access, I’m most sure it’s using SSH keys.

Lastly, what you can do prior to changing the root password is to create a snapshot of your droplet and if needed restore it afterwards to that state.