If you have forgotten all passwords for accessing the WebAdmin (i.e., the 'admin' account) and/or the UTM console user accounts (i.e., 'loginuser' and root) there is still a way to regain access.
This article explains how you can regain access to the WebAdmin if you have been locked out or go further and fully reset the different console users' passwords.
Applies to the following Sophos product(s) and version(s)
V7, V8, V9
What To Do
Reset WebAdmin password
If you cannot login to the WebAdmin with the 'admin' account but you know the password for root and have either direct access to the UTM or can connect to the UTM with SSH follow steps one to five below. Otherwise see the section 'Reset all passwords' below.
- Either go to the actual UTM or connect via SSH.
- Login using the root account/su to root.
The next attempt to access the WebAdmin will show the 'Admin password setup' screen where you can enter a new password for the 'admin' account as show in the screenshot below.
Note: performing the above steps will also reset both the loginuser and root SSH passwords. To reset them, you'll have to browse to Management > System Settings > Shell Access > Shell user passwords, or if you're still logged into the console (as root), enter:
Reset all passwords
Important note: due to a known issue with USB keyboard drivers not being loaded correctly when accessing the bash recovery environment, the steps in this section after step 10 are not possible with certain firmware versions. Please ensure your UTM is updated to the latest firmware version to prevent being affected by this issue.
Known affected versions: 9.104-9.111, 9.205-9.209, 9.300-9.307 (for SG-series UTMs)
Known unaffected versions: 9.112, 9.210, 9.308+
On UTM hardware appliances, or software appliances where it is not possible to login to the console (when the passwords are missing), it is still possible to reset the passwords if you have direct physical access to the UTM.
Note: On a hardware appliance you must connect a keyboard and monitor to the UTM in order to interrupt the boot sequence.
- Shutdown the UTM.
- Ensure both a monitor and a keyboard are connected the UTM.
- Power on the UTM, wait until the GRUB boot loader starts...
...and then press the ‘Esc’ key before the short timeout expires.
- Highlight (do not press enter/return and use only the arrow keys) the version of software the UTM is running that does not mention either 'previous' or 'rescue'. In the screenshot below the 'Sophos UTM 9.1' item is highlighted.
- Press the 'e' key on the keyboard.
- Highlight (again do not press enter) the second option in the list shown on screen that starts with the word 'kernel'.
- Press the 'e' key on the keyboard.
- Press enter and wait for the screen to reload.
- Press the 'b' key on the keyboard. The UTM will boot up.
- Enter and re-enter a new password for the 'loginuser' account.
- Enter and re-enter a new password for the root account.
Note: Steps 11 to 14 are shown in the screenshot below.
- Press Ctrl+Alt+Del on the keyboard. The UTM will reboot.
- Login as root with the newly set password and reset the password for the WebAdmin's 'admin' account as shown below.
- Connect to the WebAdmin as normal (refresh the browser to clear any previous connection if required).
- Set a new password for the 'admin' account.
You now have access to the WebAdmin and have reset the console user accounts' passwords.
Local network is missing in the 'allowed networks' of the WebAdmin
If you cannot reach the WebAdmin login page, the allowed networks may have changed. You can reset the allowed networks for WebAdmin via the following commands.