Jenkins reset admin password

From vpsget wiki
Revision as of 13:23, 21 June 2018 by Ndi (talk | contribs) (Created page with "How to reset Jenkins admin password w/o disabling security. Usually Jenkins config files located under /var/lib/jenkins/ However you may find where is Jenkins using find: ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How to reset Jenkins admin password w/o disabling security.

Usually Jenkins config files located under /var/lib/jenkins/ However you may find where is Jenkins using find:

#find / -name "config.xml" | grep "jenkins"
/var/lib/jenkins/config.xml

The users configs located in users/ folder. the admin user may be under differ name (usually "admin" but not always). You may find who is admin in jenkins config:

#cat /var/lib/jenkins/config.xml | grep -A3  Matrix
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:user2</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>

We can see that admin and user2 have admin access. So let's reset password for admin. The password is crypted with bcrypt and located in "config.xml" under "/var/lib/jenkins/users/admin/" folder. The crypted password stored in a next line:

<passwordHash>#jbcrypt:$2a$06$RMFkWM4/hdKdoTPumXD6Se85YFTqnCWOZKWTlMfEornCHxwx.KuqO</passwordHash>

You need to generate new bcrypt password hash for desired password. You can use online services but more secure is to use bcrypt lib for python for example:

pip install bcrypt
python
>>> import bcrypt
>>> bcrypt.hashpw("yourpassword", bcrypt.gensalt(rounds=10, prefix=b"2a"))

'YOUR_HASH'

This will output your hash, with prefix 2a, the correct prefix for Jenkins hashes. Now, edit the config.xml file: ... <passwordHash>#jbcrypt:YOUR_HASH</passwordHash> ...

restart Jenkins :

systemctl  restart jenkins #centos/rhel
service jenkins restart #ubuntu/debian

now you can login with new password