If a public key is configured in the config file, the password recovery tool (standalone_root_pw_reset) cannot reset a password.
The problem exists because regex used for sed there expects to find the password before the first line with the`}` character, but the public key section breaks this logic.
Affected sed command (https://github.com/vyos/vyatta-cfg-system/blob/2ec876ba9034c4e35538860d3128c6c13e185825/scripts/standalone_root_pw_reset#L29-L32):
set_encrypted_password() { sed -i \ -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password $2/" $3 }
Config with public keys:
login { user vyos { authentication { public-keys keyname { type "ssh-ed25519" key "keydata" } encrypted-password "passworddata" plaintext-password "" } } }