Access Recovery

If you’ve lost the private key of an SSH keypair used to log into Fedora CoreOS, and do not have any password logins set up to use at the console, you can gain access back to the machine by booting into single user mode with the single kernel command-line argument:

  1. When booting the system, intercept the GRUB menu and edit the entry to append single to the kernel argument list, then press Ctrl-X to resume booting.

  2. Wait for the system to boot into a shell prompt

  3. Set or reset the password for the target user using the passwd utility.

  4. Finally, reboot the system with /sbin/reboot -f.

You should now be able to log back into the system at the console. From there, you can e.g. fetch a new public SSH key to add to ~/.ssh/authorized_keys and delete the old one. You may also want to lock the password you’ve set (using passwd -l). Note that Fedora CoreOS by default does not allow SSH login via password authentication.