You just finished installing Proxmox VE, or maybe you inherited a server someone else set up years ago and nobody remembers the password. Either way, at some point you need to change the root password — and if you've never done it on a Debian-based hypervisor before, the options in the web interface aren't exactly self-explanatory.

This is different from recovering a password you've completely forgotten. If you're locked out entirely and can't log in anywhere, you need GRUB recovery mode, not this guide. If you can still log in — to the GUI, over SSH, or at the physical console — and you just want to set a new password, you're in the right place.

What You Will Learn

By the end of this tutorial you'll know three separate ways to change the root password on a Proxmox VE host: through the web GUI, through a plain Linux shell, and through Proxmox's own command-line user manager. You'll also understand why there are three ways to do the same thing, which one to actually use day to day, and what to do if the change doesn't seem to take effect.

What Is This Feature?

The root password on a Proxmox VE host is just the Linux system password for the root user on the underlying Debian installation. Proxmox VE isn't a separate operating system with its own login database sitting on top of Linux — it's Debian with a web interface, a cluster daemon, and virtualization tooling installed on it. When you log into the Proxmox web GUI as root@pam, the pam part means "authenticate this against the Linux system's PAM stack," the same mechanism that checks your password when you SSH in or sit down at the physical console.

That matters because it means changing the root password isn't a Proxmox-specific setting buried in some config file. It's the same password check used everywhere on the box. Change it once, and it changes everywhere — GUI login, SSH, TTY console, all of it, instantly.

Contrast that with @pve realm accounts, which are users Proxmox manages itself in its own internal database, unrelated to the Linux system. Those have separate passwords stored separately. If you've set up individual admin accounts through Datacenter > Permissions > Users, this guide doesn't directly apply to them — though the GUI method below happens to work for both realms.

Why Would You Use It?

The most common reason is simply security hygiene. If you set a quick throwaway password during installation because you were in a hurry, you should replace it with something stronger before the server is reachable from anywhere but your own LAN.

The second reason is turnover. If a contractor, employee, or former housemate had root access to your homelab box and no longer should, rotating the password is step one — right alongside revoking any SSH keys and API tokens they had.

I'd also add: if you're the only person who touches this server and it's not exposed to the internet, don't lose sleep over rotating the root password on a schedule. Most homelab users never need to do this more than once or twice a year. It's the exposed, shared, or handed-down servers that actually need it done properly.

Prerequisites

  • A working Proxmox VE installation (this applies to both the 8.x and 9.x release lines — the mechanism hasn't changed).
  • Some way to authenticate right now: either you're already logged into the web GUI, you have SSH access, or you have physical/console access to the machine.
  • If you're changing the password for a node other than the one you're logged into, you'll need cluster access — but for a single node or the node you're sitting on, none of that matters.

If none of the above apply — if you truly can't get in anywhere — this isn't the guide you need. Look for a GRUB single-user-mode recovery procedure instead, which boots the server into a minimal shell without requiring the old password at all.

Step-by-Step Tutorial

Method 1: Change it from the web GUI

This is the method most beginners reach for first, and honestly it's the easiest one if you're already logged in.

  1. Log into the Proxmox web interface at https://your-server-ip:8006.
  2. In the left-hand tree, click Datacenter, then open Permissions and select Users.
  3. Find root@pam in the list and click on its row to select it.
  4. In the toolbar above the table, click the Password button. Don't click Edit — that dialog only lets you change things like the comment, email, and expiration date, not the password itself.
  5. A small dialog opens with two fields: the new password, and a confirmation field. Type the same password into both.
  6. Click OK.

That's it. No confirmation email, no "current password" prompt — if you have access to click that button, Proxmox trusts that you're allowed to make the change. This is one reason root access to the GUI should never be shared casually.

Method 2: Change it from a shell with passwd

If you're SSH'd into the server, or you've opened a shell from the GUI (Node > Shell, which drops you into an xterm.js terminal right in the browser), you can use the standard Linux tool for this.

passwd

Run this while logged in as root and it prompts you for a new password twice, with no need to enter the old one first — root can change its own password without re-authenticating. It'll ask:

New password:
Retype new password:

Type the password (it won't echo any characters, not even asterisks — that's normal Linux behavior, not a frozen terminal), hit enter, then type it again to confirm. You should see passwd: password updated successfully.

If you're logged in as a different user with sudo rights and want to change root's password specifically, run:

sudo passwd root

Method 3: Change it with pveum

pveum is Proxmox's own command-line user management tool — the CLI equivalent of the Datacenter > Permissions > Users page in the GUI. It works for both PAM and PVE realm accounts, which makes it handy if you're scripting account setup or you'd rather stay inside Proxmox's own tooling instead of touching raw Linux commands.

pveum passwd root@pam

This prompts for a new password interactively, same as passwd does. There's also a non-interactive form for automation:

pveum passwd root@pam --password 'YourNewStrongPassword123!'

Be careful with that second form — the password ends up in your shell history in plain text unless you take extra steps to avoid it. I'd only use it inside a script that's never going to be read by anyone else, and even then I'd rather pull the password from a secrets manager than hardcode it.

Verify it worked

Log out of the web GUI (or open a private browser window) and log back in with the new password. Do this before you close your existing SSH session or shell — if something went wrong, you want an active, authenticated session available to fix it, not a locked door.

Commands Explained

CommandWhat it does
passwdStandard Linux command to change the password of the currently logged-in user. When run as root with no arguments, it changes root's own password.
passwd rootChanges the password for a specific named user — here, root — rather than the user currently logged in. Requires root or sudo privileges to run against another account.
pveum passwd <userid>Proxmox's own user manager command for setting a password on any Proxmox-recognized account, PAM or PVE realm. Functionally the same result as the GUI's Password button.

Common Errors

"passwd: Authentication token manipulation error" — this usually means the root filesystem is mounted read-only, or the disk is completely full. Run df -h / to check free space first; a full / partition on a ZFS boot pool is a common cause on homelab boxes that also store backups locally.

"You do not have permission to change this user's password" in the GUI — you're logged in as a user without User.Modify or Sys.Modify permission on the relevant ACL path. If you're not logged in as root or an admin-equivalent account, this is expected behavior, not a bug.

Password rejected as "too weak" — by default, Proxmox VE's Debian base does not enforce password complexity through PAM's pwquality module unless it's been configured to. If you do see a complexity rejection, someone has hardened this install beyond the defaults — check /etc/pam.d/common-password or /etc/security/pwquality.conf for the actual rule before assuming your password is the problem.

Troubleshooting

If you changed the password through the GUI and the new one doesn't work, try the shell method instead before panicking. Occasionally a browser session caches an old auth ticket and reports a wrong-password error that has nothing to do with whether the actual change succeeded — closing the tab entirely and opening a fresh one resolves this more often than you'd expect.

If passwd hangs or the terminal seems unresponsive after you type the new password, that's almost always just Proxmox's browser-based shell being slow to redraw, not a stuck process. Give it a few seconds before assuming something broke.

If you're in a cluster and changed the password on one node, remember that root's password is a per-node Linux account, not a cluster-wide setting synced by Corosync (the cluster communication service Proxmox uses to keep nodes in sync). You need to repeat the change on every node individually, or push it out with a configuration tool like Ansible if you're managing several nodes.

Best Practices

  • Use a long passphrase rather than a short complex-looking string — length beats cleverness, and a password manager makes this painless.
  • Turn on two-factor authentication for root logins to the GUI if the server is reachable from outside your LAN. It's a separate setting from the password itself, and it stops a leaked password from being enough on its own.
  • Don't share the root password among multiple admins. Create individual accounts with scoped permissions instead — root should be the account you fall back to, not the one everyone logs in with daily.
  • Rotate the password whenever someone with access leaves the team, not on a fixed calendar schedule that gives you a false sense of security.
  • If you use SSH key-based login, remember a root password change doesn't touch your keys at all — those are managed completely separately in ~/.ssh/authorized_keys.

Frequently Asked Questions

Does changing the root password log out my active sessions?

No. Existing authenticated sessions in the GUI and open SSH connections stay connected. Only future login attempts require the new password.

Will this affect my virtual machines or containers?

No. The root password belongs to the Proxmox host itself. VMs and LXC containers have their own separate operating systems with their own passwords, untouched by this change.

Can I use this same GUI method for other users, not just root?

Yes, the Password button works for any PAM or PVE realm user you have permission to manage. It does not work for accounts backed by LDAP or Active Directory — those passwords are controlled by the external directory server, not Proxmox.

Is there a minimum password length enforced?

Not by default. Proxmox VE relies on whatever PAM configuration Debian ships with, which doesn't enforce a minimum out of the box. Enforcing one is on you.

What if I run pveum passwd and get "unknown command"?

You're most likely running an old Proxmox VE version. The pveum passwd subcommand has been present for a long time, but if you're on something ancient, update the host first — an unpatched Proxmox install has bigger problems than a missing subcommand.

Conclusion

Changing the root password on Proxmox VE takes about thirty seconds once you know where to look, and now you've got three ways to do it depending on whether you're sitting in the GUI, in a shell, or scripting the whole thing. Pick whichever fits the situation — the GUI's Password button for quick one-off changes, passwd when you're already in a terminal, and pveum when you want to stay inside Proxmox's own tooling. Just remember it's a per-node, per-account change, not something that quietly propagates across a cluster on its own.