Changing the password on the RHEL 7 kvm qcow2 download (links updated 3/15/2016)

Latest response

(Links updated / last reviewed March 15, 2016)


  • Freshly downloaded RHEL7 qcow2 KVM image to be a guest virtual system under KVM virtualization.
  • Red Hat Enterprise Linux 6 as the host system running KVM virtualization.
  • This is in review for Fedora Linux as a host system running KVM virtualization (this review is not completed)


You will find you need to change the password if you download a RHEL 7 kvm qcow2 image. This discussion goes into two different methods to do this. Make a note in the discussion area if you happen to have any suggestions etc...

Red Hat Enterprise Linux 7.x is now Generally Available (GA) (getting started guide) and available including in a qcow2 KVM image at the Red Hat Enterprise Linux product page (NOTE: a subscription is required, and this link is subject to change). The image is approximately 5 GB). You have to "root the system" after attaching it to a KVM session.

Download 7.2 KVM image at:

  • Use this link to download 7.2 RHEL qcow2 image (link last checked 3/15/2016)

Method 1, Red Hat Documentation, Recovering Root Password (with grub 2)

See Red Hat Enterprise Linux 7 System Administrator's Guide: Changing and Resetting the Root Password.

Method 2 - Using "guestfish" to change the Password for the root account

You can use guestfish to edit a running system under KVM virtualization:
- You can use "guestfish" to edit the /etc/shadow file and change the root password.
- Guestfish is an interactive shell that you can use from the command line or from shell scripts to access guest virtual machine file systems. (See example below):

  • If needed, first install the guestfish rpm.
  • Red Hat Enterprise Linux 7.x (This command will not work on Fedora, If you are using Fedora Linux, see next block)
yum -y install guestfish

Thanks Ben Woodard from Red Hat FEDORA LINUX 20

# yum -y install libguestfs-tools
  • Import the qcow2 image into KVM. The image will be named something along the lines of: "rhel-guest-image-7.1-20150224.0.x86_64.qcow2", (as of July 2nd, 2015, the version will of course change over time)
    • Change the password on the newly imported KVM to get on the pre-built system.

Example steps to change the root password using guestfish:
- This set of instructions is for use on the host system that has the kvm RHEL 7 guest. The following is from Red Hat solution ID 641193
- The syntax is: guestfish --rw -a <image-name>
- (Note, your system may be /dev/vda1, mine was /dev/sda1. Use the 'list-filesystems' command)

root@box1 # guestfish --rw -a ./rhel-guest-image-7.1-20150224.0.x86_64.qcow2 ><fs> run ><fs> list-filesystems ><fs> mount /dev/sda1 / ><fs> vi /etc/shadow NOTE: after you perform the following steps you use "quit" to exit. DO NOT EXIT NOW, proceed with the following steps
  • Replace the encrypted password (add it while you are still in vi).
    This will set the password for the image permanently.
  • An encrypted password can be created using the openssl command (see an example below).

NOTE: Open a separate terminal window to create an encrypted password with the openssl command (see example just below)

Separate window, different terminal window

[root@someothersystem ~]# openssl passwd -1 changeme
  • There is a vi session open from the guestfish session mentioned above.
  • Copy the output of the openssl command above and appropriately place it into the /etc/shadow file you have opened with vi.

When done type "quit"

><fs> quit


Nice guide, Remmele. Thanks for posting it here.

Thanks David!

could you please update link to the method 1 ? currently it refers to non existing location.

Thanks Peter - I updated the link.

Successfully changed the pass ..
i tried to install gnome desktop but failed :p

Glad it worked...

Regarding Gnome desktop... try Red Hat Solution ID 5238 at this link... If it fails, then open a new discussion in the discussion area and let us know how it goes.

duplicate post deleted

Links updated in original post now that RHEL 7 is GA and no longer a beta/RC.

On Fedora 20 it is not:

# yum -y install guestfish

it is:

# yum -y install libguestfs-tools

Thanks Ben, I updated the original post...

Thank you so much guys :-)

Will check this in about a week or so for rhel 7 host.
- However the instructions for the rhel 7 guest should still work. will check.

Many thanks for keeping it updated, Remmele

I tested this for RHEL 7 today, works fine as written. The only difference is the name of the iso file [./rhel-guest-image-7.0-20140930.0.x86_64.qcow2]

The RHEL 7 yum command is still wrong "yum install libguestfs-tools"

It will be a while before i can update this, did you by chance have the proper RPM for rhel7? I won't be able to look at this for a while, thanks

The proper rpm on RHEL 7 (at least on the Red Hat internal desktop build) is libguestfs-tools. I installed that and was able to edit the image.

The only thing I'd add is to insert the openssl generated password into field 2 of /etc/shadow for the root user, or suggest man shadow to understand the file. Other than that, perfect.

Thank you everyone for the input, apologies I have not had time to update this, I'm rather busy at the moment with priorities.

No problems R! Thanks for your efforts on this!

To help people find this, is it possible to add a link to this article to the description of the KVM Guest Image in the downloads section?

Hi Laura, great idea, I most certainly would do so if I had access to add a link to this discussion from the KVM Guest Image in the download section.

However, I did add a Download bit for 7.2 KVM in this discussion in the original post today,

Thanks Laura

As indicated in the KCS: to make a note in case of suggestions:

  1. The Environment should be

- RHEL 7 - RHEL 6

  1. It would be nice to have a clear method for each RHEL. I do not know about RHEL6 but on RHEL7 the easiest way to change the password is this: virt-customize -a undercloud.qcow2 --root-password password: IMO this should be the first method recommended since we are modifying a qcow2 image vs break into a server etc.

  2. If another section to specify how to do the same thing on RHEL6 it would make this article even more clear.

I agree with Ruchika, there is an easier way to do this. I also remove "cloud-init" when I'm using Virtual Machine Manager / Boxes / VMware Workstation / etc...

Example for RHEL7

$ virt-customize -a rhel-guest-image-7.2-20160302.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[   0.0] Examining the guest ...
[  12.1] Setting a random seed
[  12.1] Uninstalling packages: cloud-init
[  14.5] Setting passwords
[  15.9] Finishing off

It also works for RHEL6

$ virt-customize -a rhel-guest-image-6.8-20160425.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[   0.0] Examining the guest ...
[  14.5] Setting a random seed
[  14.5] Uninstalling packages: cloud-init
[  17.0] Setting passwords
[  18.1] Finishing off

Ruchika Kharwar, John Call, thanks for the input, I'll look to add your bits to this,

Kind Regards

Still working and helpful, thanks!

Thanks JC

Also works in rhel 8.1

sudo virt-customize -a rhel-8.1-x86_64-kvm.qcow2 --root-password password:changeme --uninstall cloud-init 
[   0.0] Examining the guest ...
[   2.3] Setting a random seed
[   2.3] Uninstalling packages: cloud-init
[   9.6] Setting passwords
[  12.7] Finishing off

This link may be helpful for changing password of RHEL 8 kvm image on a RHEL-7 host.

Here is a simple wrapper script with this kbase and a few others

!/bin/bash -x 

# made by andrew puch 
# Note: 
# should there may be issues on rhel7 hyper-visor messing with rhel8 
# see

# also see other option to add more value to your script  
#virt-customize --help 

# sample run 
# ./ idm-rhel-8.4-x86_64-kvm.qcow2 changeme 

#virt-customize -a idm-rhel-8.4-x86_64-kvm.qcow2  --root-password  password:redhat --uninstall cloud-init
virt-customize -a $1   --root-password  password:$2 --uninstall cloud-init --hostname $3

Sample run

./ idm-rhel-8.4-x86_64-kvm.qcow2 changeme 
+ virt-customize -a idm-rhel-8.4-x86_64-kvm.qcow2 --root-password password:changeme --uninstall cloud-init
[   0.0] Examining the guest ...
[   9.0] Setting a random seed
[   9.1] Setting the machine ID in /etc/machine-id
[   9.1] Uninstalling packages: cloud-init
[  21.2] Setting the hostname: idm-hub.lan
[  21.3] Setting passwords
[  33.5] Finishing off

Thank you Andrew Puch for the great update to this