qm-guest-passwd

Set a password for a specific user in a virtual machine interactively

$ qm [[g|guest]] [[p|passwd]] [vm_id] [username]

$ qm [[g|guest]] [[p|passwd]] [vm_id] [username] --crypted 1

qm guest passwd <vmid> <username> [<password>] [OPTIONS]

<vmid>: The numeric ID of the virtual machine to target.
<username>: The username inside the guest VM whose password is to be changed (e.g., 'root', 'administrator').
[<password>]: Optional. The new password to set. If omitted, the command might prompt for it interactively for security, or the guest agent might reset it to an empty/disabled state depending on the guest OS and agent capabilities.

--timeout
    Set the maximum timeout in seconds for the guest agent command to complete. The default value is typically 60 seconds.

--verbose
    Enable verbose output, providing more detailed information about the execution process.

--debug
    Enable debug output, showing even more low-level details, useful for troubleshooting issues.

--ignore-lock
    Force the command to execute even if the VM is locked (e.g., by another task). Use with caution as it can lead to inconsistencies if concurrent operations are not handled properly.

The `qm guest passwd` command, an integral part of the Proxmox VE (Virtual Environment) suite, empowers administrators to remotely set or reset the password for a designated user within a QEMU/KVM virtual machine. This powerful utility operates by establishing communication with the QEMU Guest Agent (`qemu-ga`), which must be installed and running inside the guest operating system. Its primary purpose lies in facilitating password recovery when guest OS access is compromised, or for streamlining the initial configuration and automation of VM deployments. The command is versatile, supporting various guest operating systems, including common Linux distributions and Windows, provided the `qemu-ga` service is active and functional.

This command requires the QEMU Guest Agent (`qemu-ga`) to be installed, running, and properly configured within the target guest virtual machine. The `guest-agent` option must also be enabled for the VM in Proxmox's hardware settings.
The guest OS must support the password-setting functionality via `qemu-ga`. This works reliably on most modern Linux distributions and Windows.
Passing the password directly on the command line (e.g., `qm guest passwd 101 root mypass`) can expose the password in shell history or process listings. Consider omitting the password argument if interactive prompting is desired or using more secure methods.
Requires appropriate privileges on the Proxmox host (typically root or a user with `PVEVM.GuestControl` permissions).

The success of `qm guest passwd` is entirely dependent on the QEMU Guest Agent (`qemu-ga`) being installed and active within the target guest VM. Without `qemu-ga`, the hypervisor has no means to communicate password change requests to the guest operating system. Ensure the guest agent is enabled in the VM's hardware settings in Proxmox to utilize this feature.

When providing the new password directly as an argument to `qm guest passwd`, be mindful of command line history and process visibility. For increased security, consider omitting the password argument and allowing the command to prompt for it interactively if your environment supports it, or use secure shell practices to avoid exposing sensitive information in plain text logs or history files.

The `qm guest passwd` functionality was introduced as part of the QEMU Guest Agent integration into Proxmox VE. It evolved to provide more robust guest management capabilities, particularly useful for automation and recovery scenarios in virtualized environments. Its development aligns with Proxmox's goal of offering comprehensive VM lifecycle management capabilities through its command-line interface.

qm(1): The primary command-line tool for managing virtual machines and containers in Proxmox VE. The `guest` subcommand is part of `qm`., qemu-ga(8): The QEMU Guest Agent daemon, which runs inside the guest VM and facilitates communication with the hypervisor., passwd(1): The standard Linux command used by users to change their own password within a guest OS.