Updating accounts
The
account update
subcommand is used to unlock an account and migrate it to the newest format. This is useful for accounts that may have been created in a format that has since been deprecated. The same command can be used to update the account password. The current password and account address are needed in order to update the account, as follows:geth account update a94f5374fce5edbc8e2a8697c15331677e6ebf0b
The following will be returned to the terminal:
Unlocking account a94f5374fce5edbc8e2a8697c15331677e6ebf0b | Attempt 1/3
Passphrase:
0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b
Account 'a94f5374fce5edbc8e2a8697c15331677e6ebf0b' unlocked.
Please give a new password. Do not forget this password.
Passphrase:
Repeat Passphrase:
0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b
Alternatively, in non-interactive mode the path to a password file containing the account password in unencrypted plaintext can be passed with the
--password
flag:geth account update a94f5374fce5edbc8e2a8697c15331677e6ebf0b --password path/password.txt
Updating the account replaces the original file with a new one - this means the original file is no longer available after it has been updated.
In Geth, accounts are locked unless they are explicitly unlocked. If an account is intended to be used by apps connecting to Geth via RPC then it can be unlocked in non-interactive mode by passing the
--unlock
flag with a comma-separated list of account addresses (or keystore indexes) to unlock. This unlocks the accounts for one session only. Including the --unlock
flag without any account addresses defaults to unlocking the first account in the keystore.geth <other commands> --unlock 0xa94f5374fce5edbc8e2a8697c15331677e6ebf0bs
Geth will start and prompt the user to input the account password in the terminal. Alternatively, the user can provide a password as a text file and pass its path to
--password
:geth <other commands> --unlock 0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b --password path/password.txt
Note: By default, account unlocking is forbidden when HTTP or Websocket access is enabled (i.e. by passing
--http
or ws
flag). This is because an attacker that manages to access the node via the externally-exposed HTTP/WS port can then control the unlocked account. It is possible to force account unlock by including the --allow-insecure-unlock
flag but this is unsafe and not recommended except for expert users that completely understand how it can be used safely. This is not a hypothetical risk: there are bots that continually scan for http-enabled Ethereum nodes to attackAccount management can also be achieved in the Javascript console attached to a running Geth instance. Assuming Geth is already running, in a new terminal attach a Javascript console using the
geth.ipc
file. This file can be found in the data directory. Assuming the data directory is named data
the console can be started using:geth attach data/geth.ipc
Last modified 5mo ago