NVE: How to change OS passwords

Summary: This KB provides instructions on how to change the OS user account passwords on the NetWorker Virtual Edition (NVE) appliance.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

The NetWorker Virtual Edition (NVE) appliance includes a password management utility called change-passwords. This utility can be used to change the NVE operating system "admin" or "root" credentials. In order to use this method, either the admin or root credentials must be known. 
 

  1. Authenticate to the VMware vSphere web client that is hosting the NVE.
  2. Open a Remote Console to the NVE from the vSphere Web Client.
NOTE: By default root access over SSH is disabled, to log in as root directly over SSH it must be enabled. NVE: How to Allow root SSH Access On a NetWorker Virtual Edition.
  1. From the NVE Remote Console session, log in as root.
  2. Use the change-passwords utility to update the passwords for the admin and root accounts. There are two scenarios:

    Scenario One: NVE has passphrase protection enabled.

    Before changing the OS passwords, you are prompted to enter the admin and root passphrase. You are prompted to enter each passphrase twice
nve:~ # change-passwords
Enter passphrase for /home/admin/.ssh/admin_key: HIDDEN_PASSPHRASE
Enter passphrase for /root/.ssh/rootid: HIDDEN_PASSPHRASE
[change-passwords version 2.1]
Enter passphrase for /home/admin/.ssh/admin_key: HIDDEN_PASSPHRASE
Enter passphrase for /root/.ssh/rootid: HIDDEN_PASSPHRASE
--------------------------------------------------------
After successfully passing passphrase protection, you can change the admin and root passwords: 
Change OS (login) passwords?
y(es), n(o), q(uit/exit): y
change-passwords: INFO: Each OS password will be changed locally without further prompting as soon as you have (twice) entered a valid password.


--------------------------------------------------------
Change OS password for "admin"?
y(es), n(o), q(uit/exit): y
Change password for user "admin".

(Entering an empty (blank) line twice quits/exits.)
> HIDDEN_PASSWORD
Enter the same OS user password again.

(Entering an empty (blank) line twice quits/exits.)
> HIDDEN_PASSWORD
Backup lockbox file
Backup keystore files
Backup SSV files
Flush backup
Local backup dir: /usr/local/avamar/src/lockbox_backup/2026-02-10-14_21
Flush backup dir: /usr/local/avamar/var/mc/server_data/lockbox_backup
Tue Feb 10 14:21:09 2026
Updated with new value under name "admin".

Backup lockbox file
Backup keystore files
Backup SSV files
Flush backup
Local backup dir: /usr/local/avamar/src/lockbox_backup/2026-02-10-14_21
Flush backup dir: /usr/local/avamar/var/mc/server_data/lockbox_backup
change-passwords: INFO: The password for OS user admin has been updated on _this_ host.


--------------------------------------------------------
Change OS password for "root"?
y(es), n(o), q(uit/exit): y
New password: HIDDEN_PASSWORD
Retype new password: HIDDEN_PASSWORD
passwd: password updated successfully
change-passwords: INFO: The password for OS user root has been updated on _this_ host.

--------------------------------------------------------
Done.
nve:~ #
The passwords are updated.

Scenario Two: NVE does not have passphrase protection:

If passphrase protection has been disabled on the NVE (for example, the following steps were previously performed: NVE: How To Reset SSH Rootid Passphrase)
You are prompted to enter the existing admin user's password. You are prompted to enter the admin password four times: 
nve2:~ # change-passwords
Password: EXISTING_ADMIN_PASSWORD
Password: EXISTING_ADMIN_PASSWORD
[change-passwords version 2.1]
Password: EXISTING_ADMIN_PASSWORD
Password: EXISTING_ADMIN_PASSWORD
--------------------------------------------------------
WARNING: NVE 19.12+ expects passphrase protection to be enabled. This is a default configuration setting that is enabled after upgrading to 19.12 and later. The NVE credential framework depends on the encrypted avlockbox. The change-passwords workflow requires valid passphrase protection or admin user credentials by design. The standard Linux passwd command cannot be used to change the admin user's password; this breaks avlockbox. If the current admin password is known, you can proceed with changing the passwords. When the NVE is upgraded to the next 19.12+ release, passphrase protection is reenabled. If passphrase protection is disabled and the current admin password is not known, it is not possible to use change-passwords. See below section "Passphrase protection is disabled, admin password not known."
After successfully passing password protection, you can change the admin and root passwords: 
--------------------------------------------------------

Change OS (login) passwords?
y(es), n(o), q(uit/exit): y
change-passwords: INFO: Each OS password will be changed locally without further prompting as soon as you have (twice) entered a valid password.


--------------------------------------------------------
Change OS password for "admin"?
y(es), n(o), q(uit/exit): y
Change password for user "admin".

(Entering an empty (blank) line twice quits/exits.)
> HIDDEN_PASSWORD
Enter the same OS user password again.

(Entering an empty (blank) line twice quits/exits.)
> HIDDEN_PASSWORD

Backup lockbox file
Backup keystore files
Backup SSV files
Flush backup
Local backup dir: /usr/local/avamar/src/lockbox_backup/2026-02-10-08_31
Flush backup dir: /usr/local/avamar/var/mc/server_data/lockbox_backup
Updated with new value under name "admin".
Backup lockbox file
Backup keystore files
Backup SSV files
Flush backup
Local backup dir: /usr/local/avamar/src/lockbox_backup/2026-02-10-08_31
Flush backup dir: /usr/local/avamar/var/mc/server_data/lockbox_backup
change-passwords: INFO: The password for OS user admin has been updated on _this_ host.


--------------------------------------------------------
Change OS password for "root"?
y(es), n(o), q(uit/exit): y
New password: HIDDEN_PASSWORD
Retype new password: HIDDEN_PASSWORD
passwd: password updated successfully
change-passwords: INFO: The password for OS user root has been updated on _this_ host.

--------------------------------------------------------
Done.

The passwords are updated.

Passphrase protection is disabled, admin password not known:

If passphrase protection is disabled and the current admin password is not known, the NVE must be redeployed. The following process is required. Before proceeding with redeploying the NVE, you must access the existing NVE over console and login as root. If the current root password is not known, follow section A. If the current root password is known, go to section B.

Section A: Resetting root password from single-user mode:

WARNING: The following steps are considered out-of-support. The process falls outside of NetWorker and uses standard Linux "single-user" method to access the system over direct console and reset root credentials. These steps must be performed by the VMware and backup administrators. This is a last resort effort to reset root credentials on an inconsistent NVE before proceeding with NetWorker Server Disaster Recovery.
  1. Authenticate to the VMware vSphere Web Client that is hosting the NVE.
  2. Shut down the Guest OS on the NVE: Actions > Power > Shut Down Guest OS
  3. Once the Guest OS is shut down, take a virtual machine snapshot of the NVE.
NOTE: If any issues are observed, revert to this snapshot.
  1. From vSphere, open a Remote/Web Console to the NVE Virtual Machine (VM).
  2. Start the Guest OS on the NVE: Actions > Power > Power On
  3. Wait for the GRUB menu to appear.
  4. Using the keyboard arrow keys, highlight the first SLES entry:
NVE GRUB loader
  1. Press on your keyboard.
  2. On the line that starts with "linux" append rw init=/bin/bash to the line:
boot into single user mode
NOTE: This boots the NVE into "single user" mode.
  1. Press CTRL+X or F10 to boot into the NVE.
  2. Use the Linux passwd command to update password for the root account:
passwd command
  1. Reboot the NVE.
  2. You can now log in to the NVE using the root password set in step 11.
  3. Go to the next steps in Section B.

Section B: NVE Disaster Recovery:

  1. Before powering off the existing NVE, access the NVE Virtual Machine (VM) using VMware Console. Log in as root. 
    1. Collect the NetWorker server bootstrap save set details: mminfo -B
      WARNING: Without a bootstrap backup, it is not possible to recover NetWorker to a new host.
    2. Confirm the NetWorker server name:
      1. nsradmin
      2. show name
      3. print type: nsr
      4. quit
    3. Confirm the current version of the NVE:
      1. Get the last upgrade version installed:
ls -t /data01/avamar/var/avi/server_data/package_data/ | grep Upgrade | head -1
  1. ​​​If the NVE was never upgraded (above command returns no output), run: 
ls -t /data01/avamar/var/avi/server_data/package_data/ | grep Install | head -1
  1. Power down the NVE and deploy a new NVE with the same hostname and NetWorker version as the existing NVE.
  2. Perform a NetWorker Server Disaster Recovery (nsrdr) on the new NVE. This recovers the NetWorker configuration, databases, and backups from the old server to the new NVE: NetWorker: NetWorker Server Disaster Recovery (NSRDR)

Additional Information

NVE user accounts keep getting locked:

If the admin account is showing as locked, it can be reset using the Linux pam_tally2 utility:

pam_tally2 --user admin --reset
If the admin account keeps locking without known SSH attempts, check which system is trying and failing to log in using admin credentials. 
journalctl -u sshd | grep -w 'admin'
Example: 
Dec 06 09:23:36 nve.networker.lan sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.9.100  user=admin
Dec 06 09:23:38 nve.networker.lan sshd[9407]: Failed password for admin from 192.168.9.100 port 54788 ssh2
NOTE: This shows the failed login attempt timestamps and from which IP address the login came from. Use nslookup to see if the IP address is resolvable within the NVE's network; if the IP resolves to a known hostname, investigate the host to see why it is producing failed login attempts on the NVE. If the IP address/host cannot be identified, consult with your networking or security team to investigate where the request is coming from.

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000228121
Article Type: How To
Last Modified: 10 Feb 2026
Version:  8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.