How to Login to CentOS 7 GenericCloud Image on OpenStack: Root Access & Password Configuration


42 views

The CentOS-7-x86_64-GenericCloud image is specifically designed for cloud environments like OpenStack, AWS, and other virtualization platforms. Unlike standard CentOS installations, it doesn't come with a predefined root password due to security best practices in cloud environments.

When you deploy the CentOS GenericCloud image in OpenStack, you typically have these access options:

1. SSH Key Authentication: The primary method, using the keypair you specified during instance creation

2. Cloud-init: The image includes cloud-init for automated configuration

If you created the instance with an SSH keypair:

ssh -i your_private_key.pem centos@your_server_ip

Or for older images:

ssh -i your_private_key.pem cloud-user@your_server_ip

The default username varies between 'centos' and 'cloud-user' depending on the image version.

If you need to set a root password, first gain access via SSH key, then:

sudo passwd root

Enter your new password when prompted. Then enable root login in SSH:

sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
sudo systemctl restart sshd

For automated configuration, create a cloud-init user-data file:

#cloud-config
users:
  - name: centos
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2E...
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash

chpasswd:
  list: |
    root:your_secure_password
  expire: False

If you're locked out, use the OpenStack console to access the instance in rescue mode:

openstack server rescue your_instance_id --image rescue_image_id

Then mount the filesystem and edit /etc/shadow to reset the password.

When working with the CentOS 7 Generic Cloud image in OpenStack environments, you'll encounter a key-based authentication system rather than traditional password login. The image is specifically designed for cloud deployments with security best practices in mind.

The Generic Cloud image utilizes cloud-init for initial configuration. This means the standard root password authentication is disabled by default. Here's how the authentication flow works:

# Typical cloud-init user configuration
users:
  - name: centos
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1... user@host
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]

Option 1: Using the 'centos' User with SSH Key
Most cloud images create a default user account. For CentOS 7 Generic Cloud:

ssh -i your_private_key.pem centos@your-server-ip

Option 2: Injecting SSH Key Through OpenStack
When launching the instance, you can specify your SSH public key:

openstack server create --image CentOS-7-x86_64-GenericCloud \
  --flavor m1.small --key-name your-keypair \
  centos7-instance

If you need password authentication, follow these steps after gaining initial access:

# Become root
sudo -i

# Set root password
passwd
(enter new password twice)

# Enable password authentication in SSH
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config

# Restart SSH service
systemctl restart sshd

If you're unable to connect, check these common problems:

  • Security groups not allowing SSH (port 22)
  • Incorrect key pair association
  • Cloud-init not completing successfully (check /var/log/cloud-init.log)

For production environments, consider using user-data scripts:

#cloud-config
users:
  - name: admin
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1... admin@workstation
    sudo: ['ALL=(ALL) ALL']
chpasswd:
  list: |
    root:new-secure-password
  expire: False