A mix of password recovery tips
I'm a Team Lead and Solutions Architect during the day, lazy "Dev Sec Ops" at night with a passion for selfhosting and data privacy. Free and Open Source advocate since 2005, I sporadically write Blog or Gemlog posts and share short notes and bookmarks on my website.
Introduction
Today, I wanted to write how I retrieved a lot of my accesses to services I selfhost. I’m going to talk about a lot of different tools here, the main reason being that these tools made it very easy to retrieve access (once I retrieved access to the host servers / VMs / CTs). Not like matrix or NginxProxyManager that made me update the production databases!
So before deep diving into all the solutions, a BIG THANK YOU to all the dev teams working on these wonderful software who made my life easier during this complicated period :).
Retrieved access quick help
mailcow admin
Mailcow is what I used to manage my email server and has been working great for the past years.
To reset the password, it was as simple as going to the root path where mailcow is installed (by default /opt/mailcow-dockerized/) and starting a helper script made for it:
cd mailcow/path
./helper-scripts/mailcow-reset-admin.sh
Then, if needed, I could use the web GUI to reset some users’ passwords.
forgejo
Forgejo is my local git forge where I manage a local copy of all my opensource and private projects. It isn’t available publically as my main public forge is sourcehut (more on that later), but I use it as a backup (in case sourcehut has some issue, I can still commit changes) and for projects I don’t want to host online (or archived/deleted ones).
Forgejo makes it simple thanks to the included CLI tool to change a user’s password:
su - forgejo # connect as the forgejo user
forgejo admin user change-password -u <user> -p "<passsword>"
GoToSocial
GoToSocial is the Fediverse server I’m using (think of a very lightweight version of Mastodon). Like Forgejo (and others), it provides a simple CLI tool that can be used to change a user password. As I use it with docker, all I needed to do was:
docker exec -it gotosocial /bin/sh
./gotosocial admin account password --username some_username --password 'some_really_good_password'
linkding
I use Linkding as my bookmark manager and use its API to power the bookmarks page on this website. Linkding doesn’t allow to update a password via the command line, but you can create another (temporary) super user that will be able to change other user passwords.
To restore my access, first I did a backup of the sqlite database:
cd path/to/linkding/storage
sudo cp db.sqlite3 db.sqlite3.bak
Then, running linkding via docker, I simply had to connect to the container and run a helper script to create another superuser
docker exec -it linkding /bin/bash
python manage.py createsuperuser --username=joe --email=joe@example.com
Once this was done, I connected with the new account, went to the admin section and change the password of my previous user. After that I logged out and loged in with my main account and removed the temporary user.
Uptime Kuma
I use Uptime Kuma to manage my status page indicating the health of all the service I host. It is linked to my ntfy instance to send alert on my phone. Uptime Kuma provide a simple reset-password script so that was easy. As I run it within a docker container, all I needed to do was:
docker exec -it uptime-kuma /bin/bash # connect to the docker container
npm run reset-password # reset the password
Ntfy
I selfhost an instance of ntfy to push notifications to my phone (more on that later maybe). It also provide an easy CLI tool that can change a user password. All I had to do was:
ntfy user change-pass username
Willow
I use willow to track releases of software I selfhost/use. It is forge agnostic and a nice help to keep track of things. I’ve already talked about it before on this website.
Willow CLI doesn’t provide a way to change a password, but instead I could simply delete my old user and recreate it with a new password:
su - willow # connect as willow user
willow -l -c /home/willow/.config/willow/config.toml
willow -d username -c /home/willow/.config/willow/config.toml
willow -a username -c /home/willow/.config/willow/config.toml
Syncthing
I use SyncThing to share files between devices (mainly between my laptop, my phone and a dedicated VMs to have an always on device). The admin Web UI of the VM was protected by a login/password, but it is easy to remove by editing the configuration.
First, backup the configuration just in case:
cp /home/syncthing/.config/syncthing/config.xml /home/syncthing/.config/syncthing/config.xml.bak
Then, edit the configuration file /home/syncthing/.config/syncthing/config.xml, and remove in the gui section the <user> and <password> lines. Then restart syncthing with systemctl restart syncthing@syncthing.service.
Final step is going back to the web UI (https://server.domain.tld:8384/) and reconfigure the login/password you want to use.
Picoshare
I use picoshare to share images. This was a bit special because it uses a password saved in a .env file loaded by docker. So all I needed was to look for that file (in the same directory as my docker-compose.yml file) and that was it.
Conclusion
Again, first and foremost, a huge thank you to everyone involved in those software. Not only for creating great piece of software (hence why I’m using them), but for also make it easy to own them again and not have to reinstall them!
I’m finally at the end of my journey retrieving all my access, so that’s the very positive note! One last final status on this to come and this blog series will be done!
From the « Loosing all my data »: collection:
- A mix of password recovery tips
- Regaining access to my matrix admin account
- New GPG Key
- Create an encrypted external hard drive
- Regain access to nginxproxymanager
- Quick status of my journey getting back access to my servers and services
- Regain access to a raspberry pi running raspbian
- Regaining access to Proxmox VMs and Containers
- Facing my digital worse nightmare