OPNsense: Password & 2FA Recovery
Well... it’s not the first time, and it definitely won’t be the last…
So long story short, I’ve moved and in the chaos of moving and packing things up, I forgot to document the credentials of the new setup I was working on just before the move. I was working on cleaning up the layout and upgrading hardware where I could. Something, something – Do as I say, not as I do….
The good news is, it’s actually pretty easy and straightforward to recover your root account!
Recovery Methods
You can boot into “single user mode” or, if you still have the installer burned to a flash drive, you can use the “Password Reset – Recover Installation” option in the installer after the keymap selection.
Single User Mode
Most likely you also cannot reboot, so time for the fun part – pull the plug!
Unless you have a power button. My little Proxmox converted Sophos XG 430 only has a switch.
We are booting into single user mode so we are running as (signed in as) the “root” account.
There are no credentials needed to sign in or use single user mode, as we have physical access to the server or the server supports some form of remote management (BMC/IPMI/iDRAC/iLO). If you don’t have a server with that, I hope you’re not too far from its location.
Select option "2" when the boot menu for OPNsense appears
Mounting /
In order to have read and write access to the files we normally see while OPNsense is running, we need to manually mount the root directory. Depending on the file system you chose to install OPNsense with, the mounting procedure will be slightly different. The filesystem will either be UFS or ZFS. Below are the commands needed to mount “/” so we can reset that root password.
UFS File System
/sbin/mount -o rw /
ZFS File System
/sbin/mount -u /
/sbin/zfs mount -a
Reset Password
Once we have successfully mounted it, we can finally reset the password.
opnsense-shell password
reboot
Choose “Y” to the confirmation dialogue.
That’s it! Hopefully that’s useful to someone one day in the future. No need to panic!
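As an added example (not part of the original post and not OPNsense's own tooling), this sh helper reads mount-table text, reports which of the remount commands above apply to the root filesystem, and checks that / is really read-write before the password reset. It assumes the fstab(5)-style output that FreeBSD's /sbin/mount -p prints; the function names and sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Input is mount-table text in
# fstab(5) format (assumed: as printed by FreeBSD's `/sbin/mount -p`).
# Only shell builtins are used. Function names are hypothetical.

# Print "<fstype> <options>" for the entry mounted on /.
root_entry() {
    while read -r _dev mnt fstype opts _rest; do
        if [ "$mnt" = "/" ]; then
            echo "$fstype $opts"
            return 0
        fi
    done
    return 1
}

# Succeed only when / carries an explicit "rw" option.
root_writable() {
    entry=$(root_entry) || return 1
    case ",${entry#* }," in
        *,rw,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print the post's remount commands for the detected root filesystem type.
remount_commands() {
    entry=$(root_entry) || { echo "no entry for /" >&2; return 1; }
    case "${entry%% *}" in
        ufs) echo "/sbin/mount -o rw /" ;;
        zfs) echo "/sbin/mount -u /"
             echo "/sbin/zfs mount -a" ;;
        *)   echo "unexpected root filesystem: ${entry%% *}" >&2; return 1 ;;
    esac
}

# Constructed sample mount tables (not captured from a real system).
UFS_RO='/dev/gpt/rootfs / ufs ro 1 1'
ZFS_RO='devfs /dev devfs rw 0 0
zroot/ROOT/default / zfs ro,noatime,nfsv4acls 0 0'
ZFS_RW='zroot/ROOT/default / zfs rw,noatime,nfsv4acls 0 0'

for table in "$UFS_RO" "$ZFS_RO" "$ZFS_RW"; do
    if printf '%s\n' "$table" | root_writable; then
        echo "/ is read-write"
    else
        printf '%s\n' "$table" | remount_commands
    fi
done
```

On the firewall itself, pipe the live table in instead of the samples: `/sbin/mount -p | remount_commands` before mounting, and `/sbin/mount -p | root_writable` afterwards to confirm the remount took effect.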
Epilogue
NOTE: I did initially have issues when I first tried to reset my password, I’m not sure if it reset it and 2FA was left on, or I chose the wrong mount option and didn’t get read write permission, or what, but upon logging in after my first try, it failed and asked for my 2FA. So I was super careful the next time around and it worked just fine. Password reset and no 2FA prompt when I signed in.
If you have any issues (it’ll probably be issues with mounting the file system) with this, please feel free to post a comment and I’ll get to it eventually! Seriously though I’ll try to answer as soon as I can.
