
Recovering a user's password via SSH

If the standard password recovery flow on the BeAdmin login page is unavailable, you can reset any user's password from the server console. The recover-password command generates a temporary password for the specified user.

When to use

Reset the password from the terminal only when all three conditions are met at the same time:

  • Password recovery via the login form is unavailable: either the panel does not show a reset button (no SMTP relay configured), or the reset emails are not being delivered.
  • There are no other administrators in the panel who could reset the password through the interface — there is no one to ask for help.
  • You have SSH access to the server where BeAdmin is installed — as root or as a user with sudo privileges.

Step 1. Connect to the server via SSH

Connect to the server as root or as a user with sudo privileges:

```bash
ssh root@your_server_ip_address
```

If you are logging in as a regular user with sudo privileges, switch to root:

```bash
sudo -i
```

If you run into trouble with the SSH connection, see the dedicated article "How to connect to server via SSH?".

Step 2. Run the recovery command

Run the following in the server's terminal:

```bash
beadmin -config /etc/beadmin/beadmin.conf recover-password -user admin@local.host
```

Command parameters:

  • -config /etc/beadmin/beadmin.conf — path to the panel's configuration file. The default is /etc/beadmin/beadmin.conf; change it only if you specified a custom path during installation.
  • -user admin@local.host — the email address of the user whose access you need to restore.

⚠️ The -user flag is required

If you run beadmin … recover-password without -user, the command will not show a prompt and will not reset the password — instead, the panel will simply restart in normal mode without changing the password. Always pass -user explicitly.

Step 3. Save the temporary password

If everything went well, the terminal will print a temporary password:

```text
A new one-time password has been created successfully.
Use the temporary credentials below to access the BeAdmin web interface:

  User: admin@local.host
  Password: WhdqCiWLIKps

This one-time password is valid for about 10 minutes.

After signing in, navigate to Settings and update your password to a permanent one.
Your original password will remain valid until you authenticate using the provided one-time password.
```

Copy the value from the Password line — you will need it in the next step.

How the temporary password works

  • The temporary password is valid for about 10 minutes from the moment it is created.
  • Until you sign in with the temporary password for the first time, the old password keeps working — the temporary one is added on top of it rather than replacing it.
  • On the first successful sign-in with the temporary password, it becomes the primary one and the old password is wiped. After that, open the profile section and set a new permanent password manually — the panel will not prompt you to do so.
  • If you don't manage to sign in within 10 minutes, simply run recover-password again to get a new temporary password.

Step 4. Sign in to the panel and change the password

  1. Open the BeAdmin panel in your browser (https://your_domain:8080 or https://server_ip:8080).
  2. Enter the user's email address and the temporary password from the command output.
  3. Right after signing in, open the profile section and set a new permanent password.

Security

  • Don't leave the temporary password in your command history. After using it, delete the matching line from your shell history file (~/.bash_history or ~/.zsh_history) or clear the terminal output.
  • Don't share the temporary password over insecure channels. If you need to pass the password to another user, use a secure channel.
  • Access to the command equals full access to the panel, and BeAdmin does not log the run. Anyone with root or sudo access on the server can reset the password of any user regardless of their role; traces remain only at the server level (shell history, sshd logs). The only real control is the list of people with SSH access to the server.
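Because BeAdmin does not log the run and a missing -user silently restarts the panel, a small wrapper can enforce the flag and leave a syslog record of who reset which account. This is an added example, not part of BeAdmin; the function names and the syslog tag are hypothetical, and it assumes `beadmin` and `logger` are on PATH.

```bash
#!/bin/sh
# Added example (not BeAdmin code): guarded, audited recover-password.
# Assumptions: beadmin and logger are on PATH; all names here are hypothetical.

BEADMIN_CONF_DEFAULT=/etc/beadmin/beadmin.conf

# Validate arguments before beadmin is started.
# Returns 0 = ok, 2 = user missing or malformed, 3 = config missing or unreadable.
check_recover_args() {
    local user="$1" conf="$2"
    case "$user" in
        ""|-*|*" "*)
            echo "refusing: -user is required and must be an email address" >&2
            return 2 ;;
        *@*.*) ;;  # looks like an email address
        *)
            echo "refusing: '$user' is not an email address" >&2
            return 2 ;;
    esac
    if [ ! -f "$conf" ] || [ ! -r "$conf" ]; then
        echo "config not found or not readable: $conf" >&2
        return 3
    fi
    return 0
}

# Write a syslog record of the reset. Only the target account, the exit code
# and the operator are logged; the temporary password is never captured.
audit_recover() {
    logger -p auth.notice -t beadmin-recover \
        "recover-password target=$1 exit=$2 by=${SUDO_USER:-$(id -un)}"
}

# Usage: recover_password <email> [config-path]
recover_password() {
    local user="$1" conf="${2:-$BEADMIN_CONF_DEFAULT}" rc=0
    check_recover_args "$user" "$conf" || return $?
    # Output goes straight to the terminal so the password is not stored here.
    beadmin -config "$conf" recover-password -user "$user" || rc=$?
    audit_recover "$user" "$rc"
    return "$rc"
}

# Run only when arguments are supplied, e.g.: sh recover.sh admin@local.host
if [ "$#" -gt 0 ]; then recover_password "$@"; fi
```

Forwarding the auth facility to a remote log host keeps the record out of reach of whoever ran the reset.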

Possible errors

Failed to recover password for user <email>: unknown user

A user with that address exists but is disabled. Enable them via the panel (or ask another administrator to do so) and run the command again. If the address contains a typo, the command may exit without any message — double-check it character for character.

No such file or directory for the configuration file

The path passed in -config does not exist. Check whether the standard config file is in place:

```bash
ls -l /etc/beadmin/beadmin.conf
```

If the file is in a different location, pass the correct path through the -config parameter.

Permission denied

The command needs read access to the configuration file and access to the panel's database. Run it as root or via sudo.

BeAdmin © 2025. All rights reserved.