4

I have tried to log into my Google Instance running "CIS CentOS Linux 7 Benchmark Level 1" and get the following message.

It's asking for the current password which we don't have. Is there a way to gain access and reset things?

I'm currently locked out of the server for both SFTP and SSH. And for the record I'm using Cloud Shell to gain SSH access.

Thank you in advance

Welcome to Cloud Shell! Type "help" to get started.
Your Cloud Platform project in this session is set to xxxxxxxx.
Use “gcloud config set project [PROJECT_ID]” to change to a different project.
xxxxxx@cloudshell:~ (xxxxxx)$ gcloud compute --project "xxxxxx" ssh --zone "europe-west2-a" "xxxxxx"
Authorized uses only. All activity may be monitored and reported.
You are required to change your password immediately (password aged)
Last login: Mon Dec  3 17:07:52 2018 from xxxx.xxx.xxx.xx.bc.googleusercontent.com
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user xxxxx.
Changing password for xxxxx.
(current) UNIX password:

1 Answer

3

This is your solution

Before that, check if your firewall is set correctly.

1 - Go to the VM instances page in Google Cloud Platform console.

2 - Click on the instance for which you want to add a startup script.

3 - Click the Edit button at the top of the page.

4 - Click on ‘Enable connecting to serial ports’

5 - Under Custom metadata, click Add item.

6 - Set 'Key' to 'startup-script' and set 'Value' to this script:

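#!/bin/bash
# Create the account only if it does not already exist.
# CentOS has no 'sudo' group by default; its admin group is 'wheel'.
id USERNAME >/dev/null 2>&1 || useradd -G wheel USERNAME
# Set the password (replace USERNAME and PASSWORD before saving).
echo 'USERNAME:PASSWORD' | chpasswd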

7 - Click Save and then click RESET on the top of the page. You might need to wait for some time for the instance to reboot.

8 - Click on 'Connect to serial port' in the page.

9 - In the new window, you might need to wait a bit and press Enter on your keyboard once; then, you should see the login prompt.

10 - Log in using the USERNAME and PASSWORD you provided.

From there, undo any changes that you've made; if you have sshguard, check if your IP is blocked.

Alioua
  • 1
    OMG! What a fantastic detailed reply. I'm going to try this now and will update the thread. Thank you! – John K Bell Dec 03 '18 at 21:47
  • 1
    That worked! I had to set USERNAME to the current username and changed the password. I then gained access. I also removed the bash scripts and deselected serial ports and can now log in as normal. I want to thank you for taking the time to assist here, you had the solutions and I'm very grateful. Thank you! – John K Bell Dec 03 '18 at 22:48
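
The console procedure from the answer, expressed with the gcloud CLI as an added example (not part of the original answer or comments): it hands `chpasswd -e` a pre-computed password hash so no plaintext password is stored in instance metadata, and it removes the startup-script and serial-port keys afterwards, since a startup script runs again on every boot. The instance, zone and user names and the hash are placeholders, and the `gcloud` commands are only printed unless `RUN=1` is set.

```bash
#!/bin/bash
# Added example: CLI form of the recovery steps, with cleanup.
# Assumption: the hash was produced beforehand on a trusted machine,
# for example with `openssl passwd -6` (OpenSSL 1.1.1 or later).

# Emit the startup script. $1 = user name, $2 = crypt(3) password hash.
# chpasswd -e expects an already-hashed password.
make_startup_script() {
  cat <<EOF
#!/bin/bash
id '$1' >/dev/null 2>&1 || useradd -G wheel '$1'
echo '$1:$2' | chpasswd -e
EOF
}

# Dry-run wrapper: print the gcloud command unless RUN=1 is exported.
gc() {
  if [ "${RUN:-0}" = 1 ]; then gcloud "$@"; else echo "gcloud $*"; fi
}

# $1 = instance, $2 = zone, $3 = user name, $4 = password hash
recover() {
  script_file=$(mktemp) || return 1
  make_startup_script "$3" "$4" > "$script_file"

  # Steps 4-6: enable the serial console and attach the startup script.
  gc compute instances add-metadata "$1" --zone "$2" \
    --metadata serial-port-enable=TRUE \
    --metadata-from-file "startup-script=$script_file"

  # Step 7: reset the instance so the startup script runs.
  gc compute instances reset "$1" --zone "$2"

  # Steps 8-10: open the serial console and log in there.
  gc compute connect-to-serial-port "$1" --zone "$2"

  # Cleanup: drop the script and close the serial console again.
  gc compute instances remove-metadata "$1" --zone "$2" \
    --keys startup-script,serial-port-enable
  rm -f "$script_file"
}
```

Call it as `recover INSTANCE ZONE USERNAME 'HASH'`, keeping the hash in single quotes so the shell does not expand its `$` characters.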