Page MenuHomeVyOS Platform

Password recovery does not work if public keys are configured
In progress, HighPublicBUG


If a public key is configured in the config file, the password recovery tool (standalone_root_pw_reset) cannot reset a password.

The problem exists because regex used for sed there expects to find the password before the first line with the`}` character, but the public key section breaks this logic.

Affected sed command (

set_encrypted_password() {
    sed -i \
       -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password $2/" $3

Config with public keys:

login {
    user vyos {
        authentication {
            public-keys keyname {
                type "ssh-ed25519"
                key "keydata"
            encrypted-password "passworddata"
            plaintext-password ""


Difficulty level
Normal (likely a few hours)
1.3.4, 1.4, 1.5
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

zsdc changed the task status from Open to In progress.Tue, Nov 14, 12:42 PM
zsdc claimed this task.
zsdc created this task.
zsdc renamed this task from Password recovery does not work in Equinix Metal to Password recovery does not work if public keys are configured.Tue, Nov 14, 1:18 PM
zsdc triaged this task as High priority.
zsdc updated the task description. (Show Details)
zsdc changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
zsdc changed Version from 1.3.4 to 1.3.4, 1.4, 1.5.
zsdc changed Why the issue appeared? from Will be filled on close to Implementation mistake.
syncer changed the task status from Needs testing to In progress.Wed, Nov 15, 5:03 AM
syncer moved this task from Need Triage to Backport Candidates on the VyOS 1.5 Circinus board.