Jenkins reset admin password
How to reset Jenkins admin password w/o disabling security. In this example we assume that your Jenkins configuration use Project Matrix Authorization Strategy If you are using LDAP - this is related to your LDAP/ActiveDirectory administation.
Usually Jenkins config files located under /var/lib/jenkins/ However you may find where is Jenkins using find:
#find / -name "config.xml" | grep "jenkins" /var/lib/jenkins/config.xml
The users configs located in users/ folder. the admin user may be under differ name (usually "admin" but not always). You may find who is admin in jenkins config:
#cat /var/lib/jenkins/config.xml | grep -A3 Matrix <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy"> <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission> <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:user2</permission> <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>
We can see that admin and user2 have admin access. So let's reset password for admin. The password is crypted with bcrypt and located in "config.xml" under "/var/lib/jenkins/users/admin/" folder. The crypted password stored in a next line:
<passwordHash>#jbcrypt:$2a$06$RMFkWM4/hdKdoTPumXD6Se85YFTqnCWOZKWTlMfEornCHxwx.KuqO</passwordHash>
You need to generate new bcrypt password hash for desired password. You can use online services but more secure is to use bcrypt lib for python for example:
pip install bcrypt python >>> import bcrypt >>> bcrypt.hashpw("yourpassword", bcrypt.gensalt(rounds=10, prefix=b"2a")) 'YOUR_HASH'
This will output your hash, with prefix 2a, the correct prefix for Jenkins hashes. Now, edit the config.xml file:
... <passwordHash>#jbcrypt:YOUR_HASH</passwordHash> ...
restart Jenkins :
systemctl restart jenkins #centos/rhel service jenkins restart #ubuntu/debian
now you can login with new password