account updatesubcommand is used to unlock an account and migrate it to the newest format. This is useful for accounts that may have been created in a format that has since been deprecated. The same command can be used to update the account password. The current password and account address are needed in order to update the account, as follows:
geth account update a94f5374fce5edbc8e2a8697c15331677e6ebf0b
The following will be returned to the terminal:
Unlocking account a94f5374fce5edbc8e2a8697c15331677e6ebf0b | Attempt 1/3
Account 'a94f5374fce5edbc8e2a8697c15331677e6ebf0b' unlocked.
Please give a new password. Do not forget this password.
Alternatively, in non-interactive mode the path to a password file containing the account password in unencrypted plaintext can be passed with the
geth account update a94f5374fce5edbc8e2a8697c15331677e6ebf0b --password path/password.txt
Updating the account replaces the original file with a new one - this means the original file is no longer available after it has been updated.
In Geth, accounts are locked unless they are explicitly unlocked. If an account is intended to be used by apps connecting to Geth via RPC then it can be unlocked in non-interactive mode by passing the
--unlockflag with a comma-separated list of account addresses (or keystore indexes) to unlock. This unlocks the accounts for one session only. Including the
--unlockflag without any account addresses defaults to unlocking the first account in the keystore.
geth <other commands> --unlock 0xa94f5374fce5edbc8e2a8697c15331677e6ebf0bs
Geth will start and prompt the user to input the account password in the terminal. Alternatively, the user can provide a password as a text file and pass its path to
geth <other commands> --unlock 0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b --password path/password.txt
Note: By default, account unlocking is forbidden when HTTP or Websocket access is enabled (i.e. by passing
wsflag). This is because an attacker that manages to access the node via the externally-exposed HTTP/WS port can then control the unlocked account. It is possible to force account unlock by including the
--allow-insecure-unlockflag but this is unsafe and not recommended except for expert users that completely understand how it can be used safely. This is not a hypothetical risk: there are bots that continually scan for http-enabled Ethereum nodes to attack
geth.ipcfile. This file can be found in the data directory. Assuming the data directory is named
datathe console can be started using:
geth attach data/geth.ipc