Lost root access

[outpostmm]

Hello,

This is for an in-house development server running CentOS. It looks like we have lost root access, it no longer works to connect using the saved password. No one I've talked to has changed it. I can connect via SSH or SFTP, but authentication fails. It looks like the individual hosting accounts are still online and reachable. I'm not sure if root is simply locked out because of failed attempts, or if the password was actually changed.

I have physical access to the server, what are my options? What can I try?

Thanks

 

[StuartMacfarlane]

If you don't have the root password then your first step is going to be to reboot the server into single-user mode which will give you the ability to reset the root password.

https://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-rescuemode-booting-single.html

If this does not work then you might be locked out by cphulk which locks the root user out after multiple attempts and failed logins.
This one then becomes a bit more complicated as you need to start the server in single-user mode and also start the mysql database in order to purge the relevant tables containing your IP on the blacklist.

 

[outpostmm]

I wasn't able to go into single user mode, I'm not even sure if the system is using grub. There was a brief splash screen which said to press any key to get to the menu, but it seemed to be ignoring my attempts. However, after a reboot I am now able to log in again.

 

[cPanelMichael]

Hello

I am happy to see you were able to access the server. Ensure you review "WHM Home » Security Center » cPHulk Brute Force Protection" and verify your IP address is added to the whitelist.

Thank you.