Change Password in VyOS
Method 1: Change Your Own Password (Easiest)
# Simply run this command (no need for configure mode)
set system login user vyos authentication plaintext-password
# It will prompt you:
# Enter new password:
# Retype new password:
Method 2: Change Password in Configuration Mode
configure
# Change password for user 'vyos'
set system login user vyos authentication plaintext-password YOUR_NEW_PASSWORD
commit
save
exit
Method 3: Interactive Password Change (More Secure)
configure
# Set password interactively (won't show in command history)
set system login user vyos authentication plaintext-password
# It will prompt you to enter password without displaying it
# Enter new password:
# Retype new password:
commit
save
exit
Method 4: Change Another User’s Password
configure
# Change password for another user
set system login user admin authentication plaintext-password NEW_PASSWORD
commit
save
Create Additional Admin User
configure
# Create new admin user
set system login user admin authentication plaintext-password YOUR_PASSWORD
set system login user admin level admin
# Or create operator user (read-only)
set system login user operator authentication plaintext-password PASSWORD
set system login user operator level operator
commit
save
User Levels in VyOS
- admin – Full access (like root)
- operator – Read-only access (show commands only)
Delete a User
configure
# Delete user
delete system login user USERNAME
commit
save
Set Up SSH Key Authentication (Recommended)
configure
# Add SSH public key for user
set system login user vyos authentication public-keys mykey type ssh-rsa
set system login user vyos authentication public-keys mykey key 'AAAAB3NzaC1yc2EAAAADAQAB...'
commit
save
Reset Password If You Forgot It
If you’re locked out, you need console access (keyboard + monitor):
- Reboot the router
- At GRUB menu, press
eto edit - Add to the end of the linux line:
init=/bin/bash - Press Ctrl+X to boot
- Mount filesystem as read-write:
mount -o remount,rw / - Change password:
passwd vyos - Reboot:
reboot -f
Best Practices
✅ Use strong passwords (12+ characters, mixed case, numbers, symbols)
✅ Don’t use the same password as other systems
✅ Consider SSH keys instead of passwords for remote access
✅ Create separate user accounts for different admins
✅ Backup your config after creating users
Verify Your Changes
# Show configured users
show system login
# Check your authentication
show configuration commands | grep authentication
Quick Reference
| Task | Command |
|---|---|
| Change own password | set system login user vyos authentication plaintext-password |
| Create new admin | set system login user USERNAME authentication plaintext-password + set system login user USERNAME level admin |
| Delete user | delete system login user USERNAME |
| Add SSH key | set system login user vyos authentication public-keys KEYNAME key 'KEY' |
Pro Tip: Always test the new password in a second SSH session before closing your current one, to avoid locking yourself out!
Be First to Comment