How to Reset Sophos UTM Passwords (WebAdmin, Root and Loginuser)

So you can’t login to the Sophos UTM WebAdmin interface anymore. It happens. Perhaps you’ve made a configuration change and locked yourself out, or perhaps you’ve just forgotten your password. I locked myself out a couple of times when playing around with the new 2 Factor Authentication feature in the Sophos UTM 9.2 Beta. Don’t worry, here are the steps to reset your password.

You’ll first need a direct console into Sophos UTM. For hardware appliances, plug in a monitor and keyboard, or for Virtual Appliances open up your virtualization system’s management console for the Virtual Machine.

Once you have a console open, try to log in as the root user.

Yep, locked out alright! So let’s go ahead and reset the root user password. Then we can go about resetting the password for the WebAdmin user as well. If you can login as root, jump to Resetting the Web Admin Password below.

Reset Sophos UTM’s Root User Password

To reset the root password:

Ensure you have a monitor and a keyboard connected to the Sophos UTM and restart the UTM.
Press the ESC key as the Sophos UTM starts to boot. You’ll soon see the GNU GRUB screen:
Ensure the current Sophos UTM version is highlighted (should be the top option). Do NOT select the ones that say ‘previous’ or ‘rescue’.
Press the ‘e‘ key (don’t press Enter!).
Use the arrow keys to highlight the second option that starts with the word ‘kernel‘:
Again, press the ‘e‘ key on the keyboard
The cursor should be at the end of a string of text. Add this to the end:
```
init=/bin/bash
```
Press Enter to return to the previous screen, then press the ‘b‘ key on the keyboard to reboot the Sophos UTM.
Once the UTM boots, the cursor will be at a command prompt
Now we finally get to reset the password. Type: passwd loginuser
Enter and re-enter a new password for the ‘loginuser’ account.
Type: passwd root
Enter and re-enter a new password for the root account.
Press Ctrl+Alt+Del to reboot the Sophos UTM.

You have now reset both the loginuser and root passwords. Once the UTM has rebooted, check that the root password works by logging in as the root user.

Did you know: Fastvue Sophos Reporter produces clean, simple, web usage reports using log data from your Sophos UTM that you can confidently send to department managers and HR team.

What is Fastvue Sophos Reporter?

Why use Fastvue over Sophos iView?

Reset Sophos UTM WebAdmin Password

Now we have regained access to the root user login, we can reset the WebAdmin password.

Ensure you are still logged in as root as per the last step above.
Type cc at the prompt. This will take you to another prompt starting with 127.0.0.1 MAIN >
Type RAW. This will switch you to RAW mode.
Type system_password_reset
Browse to the WebAdmin Interface. You will notice it is now asking you to set the password.
Enter your new password into each box and hit Apply. You’ll then be directed to the usual WebAdmin login page
Enter your shiny new credentials, and if everything went to plan, you should be logged in!

You can also checkout Sophos’ own guide on how to Recover access to your Sophos UTM in the event of password loss.

I hope this helps anyone else out there that has locked themselves out of their Sophos UTM box!

Take the pain out of reporting on Web Usage and Network Traffic.

Now that you’re logged in, why not make your life easier and setup Fastvue Sophos Reporter? Fastvue Sophos Reporter consumes syslog data from Sophos UTM (SG) and Sophos XG Firewalls and produces clean, simple, web usage reports that you can confidently send to department managers and HR team. Automate reports and get the job of reporting on web usage off your desk and into the hands of people that need it. Download the 30 day free trial today!

What is Fastvue Sophos Reporter?

By Scott Glew|2019-12-03T00:34:12+00:00January 31st, 2014|Sophos Reporter|24 Comments

About the Author: Scott Glew

Co-founder and Chief Product Officer at Fastvue.

24 Comments

R June 11, 2015 at 11:41 pm - Reply

This is a good process but doesn’t work with the SG115. I get as far as step 9 but the keyboard stops working.
I guess this doesn’t apply?

I am completely locked out. Can I do a complete reset so there is no configuration?

Thanks
- Scott Glew June 22, 2015 at 11:18 pm - Reply
  
  Sorry to hear that!
  
  Are you using a USB keyboard? It sounds like you may be having similar issues as described in this thread. https://www.astaro.org/gateway-products/general-discussion/50445-password-recovery.html. Try the solutions mentioned.
  
  If you still have issues, I recommend contacting Sophos Support?
- zafer June 29, 2016 at 9:16 am - Reply
  
  hi, sophos UTM ASG525 firewall password reset,
  I connected monitor and keyboard, step 9 but the keyboard stops working.
  how to problem solved?
  help me please
- zafer June 29, 2016 at 9:19 am - Reply
  
  Hi,
  my Sophos UTM ASG525 firewall, root and webadmin password reset,
  I connected monitor and keyboard, step 9 keyboard (none):/ # stops, is not working
  How to problem solved?
  help me please
AngelB September 15, 2015 at 3:30 am - Reply

Perfect, thanks!
cannot login to the webadmin interface - Sophos User Bulletin Board September 27, 2015 at 11:10 pm - Reply

[…] back on. i followed the directions to resetting the admin password, as illustrated on this page, Fastvue Sophos Reporter How to Reset Sophos UTM Passwords (WebAdmin, Root and Loginuser), which was completed successfully, but I am not having any luck with logging into the system. i […]
Problems resetting UTM root/loginuser passwords - Sophos User Bulletin Board September 30, 2015 at 4:16 pm - Reply

[…] Today, 04:16 PM Problems resetting UTM root/loginuser passwords Having followed the guide to reset the loginuser and root passwords I can get to step 14 but no further as the passwords are […]
PapyCloud | Reset webadmin and root password sur un Sophos UTM 9 December 29, 2015 at 2:50 pm - Reply

[…] How to Reset Sophos UTM Passwords (WebAdmin, Root and Loginuser) […]
James Griffin January 18, 2016 at 9:28 pm - Reply

Had the same problem…forgot root and user pwd. I followed all the steps outlined, until I got to step 10..wireless keyboard wouldn’t work, went to my local Office Depot, purchased a new wired usb keyboard for 10$, plugged it in directly to my box, and voila everything worked. No problem in resetting all the passwords…hope this helps….jim
lamsyah February 20, 2016 at 3:35 pm - Reply

hi . i used all the steps but didn’t work.
it gave me this
127.0.0.1 RAW > system_password_reset
Calling confd function system_password_reset()
result: 0
fatal: [
{
‘Oattrs=> [
‘class’,
‘type’,
],
‘attrs’=> [
‘function’
]’
‘class’ => ‘ca’,
‘fatal’ 1,
‘format’ => ‘The argument of the function %s must be a %_0 object and not empty.’,
‘function’ => ‘ca_generate_host_key_cert’,
‘msgtype’ => ‘AGRUMENT_EMPTY’,
‘name’ => ‘The argument of the function ca_generate_host_key_cert must be a X509 certificate with private key object and not empty.’,
‘never_hide’ => 0,
‘type’ => ‘host_key_cert ‘
}
]
- Scott Glew February 23, 2016 at 5:31 am - Reply
  
  Sorry to hear that! I would recommend posting this issue on the UTM forums or contacting Sophos Support.
  
  Let us know if you find the solution!
shakeerj February 29, 2016 at 5:53 am - Reply

I rest the root password with out any problem but when i try to login after reset its say incorrect password .
- SimKard April 27, 2016 at 9:34 am - Reply
  
  Hello shakeerj,
  
  Same problem for me.
  I successfully reset the passwords with “passwd” command, but then, after reboot, when I try to login (directly on console / or through SSH), the passwords are not working.
  
  Any update on this on your side ?
  
  Thanks
- xinyong August 30, 2016 at 1:15 am - Reply
  
  me too.
  I rest the root password with out any problem but when i try to login after reset its say incorrect password .
  v9.1
Len November 18, 2016 at 8:08 pm - Reply

I can follow all these instructions but the process simply does not work.

1. When I attempt to log in with WebAdmin I get no chance to reset the admin password
2. After exiting from cc and rebooting the password changes are lost.

There are a lot of other posts around saying much the same thing. There is also some suggestion that if you have changed the WebAdmin login name from admin you are basically completely stuffed.

Not good.
Steve January 11, 2017 at 4:20 pm - Reply

I was in a similar situation and resetting the root password didn’t really reset it.
You can reset the loginuser (and only the loginuser) at the bash prompt which you can then login to the console after the next reboot but that doesn’t help since it doesn’t have the permission to start the cc utility.

I don’t know if thiis was an artifact of my ‘cloud’ provider or not but I was able to find the WebAdmin password reset log in the /temp_astaro/output.log file that seemed to be generated on the reboot right after I changed the root password.

YMMV

Steve
Charly March 15, 2017 at 10:46 am - Reply

Sophos SG 115
It works perfectly! Thanks for this great manual!
Steve Lorenz August 4, 2017 at 8:12 pm - Reply

Sophos SG 120 UTM 9.4
works good thanks!
Gerd September 24, 2017 at 4:25 pm - Reply

UTM 9.5 works great!!
Thanks
Sophos Password recovery – petchkar April 26, 2018 at 2:12 am - Reply

[…] https://www.fastvue.co/sophos/blog/reset-sophos-utm-webadmin-password […]
Ray Cockshell October 18, 2019 at 12:30 am - Reply

UTM 9.5 Home Edition works just dandy.
Many thanks for excellent article
Khammam Sakshi July 18, 2020 at 11:28 am - Reply

I worked well. Thank you so much.
Vincent April 26, 2021 at 8:27 pm - Reply

It works.
The password for loginuser with root has be different.
Thanks,
Sophosguru June 30, 2021 at 11:09 am - Reply

IT DOES NOT WORK…… when you press ctrl-alt-del it does not save the password changes.
you need to reboot via /etc/init.d/rc6.d/S10reboot
then the rest of the commands.