Posted 2015-03-28 to Ben Burwell's blog
Here’s the situation I recently found myself in:
I needed to reset my account password. Normally, with physical access to a machine, all bets are off when it comes to security. I tried booting up the machine into recovery mode by holding down shift as soon as the BIOS had finished loading. But when I selected the “Drop to root shell” option, I was prompted to enter the unknown root password.
My second approach was to boot into single user mode by editing the GRUB command script.
By going down to the recovery mode option and hitting e, you can edit
the GRUB commands. By adding
init=/bin/bash at the end of the line
linux that specifies the boot image, you can specify
an initial shell to use. Then I hit F10 to boot.
After waiting for about 30 seconds or a minute, I saw a message that waiting for
the root device (the locked disk) had timed out. I was then dumped into an
initramfs shell. From there, I was able to
unlock the disk by running
cryptsetup luksOpen /dev/sda3 sda3_crypt.
Next, I mounted the freshly-unlocked disk with
mount -o rw /dev/sda3 /root,
taking advantage of the pre-existing empty directory. From there, I used
chroot to run
passwd in the OS.
$ chroot /root passwd $ chroot /root passwd myUserName
By running these commands, I successfully reset both the root password as well as the password for my account. From there, I was able to restart the machine and boot normally.