How to Securely Change SSH Password on CentOS Linux VPS: Step-by-Step Guide



When you first get a CentOS VPS, it typically comes with either password-based or key-based SSH authentication. While SSH keys are more secure, many providers still use default passwords for initial access. The standard procedure involves the passwd command, but there are important security considerations.

Before proceeding, ensure you:

  1. Have active SSH access to your VPS
  2. Know the current password (for authentication)
  3. Are logged in as a regular user with sudo privileges

Here's the complete procedure to update your SSH password:


# Login to your VPS via SSH
ssh your_username@your_server_ip

# Change password for current user
passwd

# You'll be prompted for:
# 1. Current password
# 2. New password (entered twice)
# Note: Password won't echo as you type

When creating your new password:

  • Use at least 12 characters (16+ recommended)
  • Combine uppercase, lowercase, numbers, and special characters
  • Avoid dictionary words or common patterns
  • Consider using a password manager

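Example of a strong password pattern: V3ry$tr0ngP@ssw0rd!2023. Treat it as an illustration of length and character mix only: never reuse a published example, and prefer a randomly generated password from your password manager.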

For maximum security, consider disabling password authentication entirely:


# Generate SSH key pair on your local machine
ssh-keygen -t ed25519

# Copy public key to server
ssh-copy-id your_username@your_server_ip

# Disable password authentication in SSH config
sudo nano /etc/ssh/sshd_config

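# Change these lines:
PasswordAuthentication no
ChallengeResponseAuthentication no
# Keep PAM enabled: the sshd_config shipped with CentOS warns that "UsePAM no" is not supported
UsePAM yes

# Restart SSH service (keep your current session open until a new key-based login succeeds)
sudo systemctl restart sshd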

If you encounter problems:

  • Permission denied: Verify you're using the correct current password
  • Password too simple: CentOS may enforce complexity rules
  • Locked out: Always maintain alternative access (console or backup user)

For emergency access, most VPS providers offer web-based console access to reset credentials.

For system administrators managing multiple servers, consider automating password rotation:


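#!/bin/bash
# Script to rotate passwords on multiple servers
# Assumes key-based SSH login and passwordless sudo for admin on each server
SERVERS=("server1" "server2" "server3")
NEW_PASSWORD=$(openssl rand -base64 16)

for server in "${SERVERS[@]}"; do
  # Pass the credential on stdin so it never appears in a command line or process list
  if printf 'admin:%s\n' "$NEW_PASSWORD" | ssh "admin@$server" "sudo chpasswd"; then
    echo "Password changed for $server"
  else
    echo "Password change FAILED for $server" >&2
  fi
done
# NEW_PASSWORD is never printed or saved by this script: add a step that stores it in your password manager or vault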

When you first receive a new CentOS VPS, it often comes with a default or auto-generated SSH password that might be weak or easily guessable. This creates a significant security vulnerability, especially for internet-facing servers. Changing this password should be one of your first configuration steps.

Connect to your CentOS server via SSH using your current credentials:

ssh root@your_server_ip

Once logged in, execute the following command to change the password for your current user (typically root for new VPS instances):

passwd

The system will prompt you to enter the new password twice. For security best practices:

  • Use at least 12 characters
  • Include uppercase, lowercase, numbers and special characters
  • Avoid dictionary words or common patterns

To ensure the password has been successfully updated, open a new terminal window and attempt to log in with the new credentials:

ssh root@your_server_ip

If successful, you'll gain access. If not, you might need to investigate potential typos or permission issues.

For even better security, consider disabling password authentication altogether and using SSH keys:

# Generate key pair on your local machine
ssh-keygen -t rsa -b 4096

# Copy public key to server
ssh-copy-id root@your_server_ip

# Disable password authentication in /etc/ssh/sshd_config
PasswordAuthentication no
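
The sshd_config change in the two key-setup passages above only takes effect if the first occurrence of each keyword says no, because sshd keeps the first value it reads for a keyword. The check below is an added example, not part of the original guide: the helper names and the sample config are constructed, it reads only the global section of one file (no Include files, nothing inside Match blocks), and on a live server `sudo sshd -T` reports the authoritative values.

```bash
#!/bin/bash
# Added example, not from the original guide. Helper names are hypothetical.
# sshd uses the FIRST value it reads for a keyword, so appending
# "PasswordAuthentication no" below an earlier "yes" changes nothing.

# effective_value KEYWORD FILE: first global (pre-Match) value, or "unset".
effective_value() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { sub(/=/, " ") }                         # "Keyword=value" is also valid
    tolower($1) == "match" { exit }           # global section ends here
    tolower($1) == want { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  ' "$2"
}

# audit_password_login FILE: returns 0 only if both keywords resolve to "no".
audit_password_login() {
  local kw val rc=0
  for kw in PasswordAuthentication ChallengeResponseAuthentication; do
    val=$(effective_value "$kw" "$1")
    if [ "$val" = "no" ]; then
      echo "OK    $kw $val"
    else
      echo "FAIL  $kw $val (password-style login not explicitly disabled)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: the admin appended "no" but left the earlier "yes".
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sshd_config fragment
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication no
#PasswordAuthentication no
PasswordAuthentication no
EOF

audit_password_login "$SAMPLE" || echo "Fix the config before restarting sshd"
```

Run it against a copy of your edited file before restarting sshd; a FAIL line for PasswordAuthentication means an earlier line still overrides the one you added.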

For system administrators managing multiple servers, you can script password changes using:

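#!/bin/bash
# Placeholder value: once filled in, this file contains a credential
NEW_PASSWORD="your_secure_password_here"

for server in server1 server2 server3; do
  # Pass the credential on stdin so it never appears in a command line or process list
  printf 'root:%s\n' "$NEW_PASSWORD" | ssh "root@$server" chpasswd
done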

Remember to make this script executable with chmod +x and store it securely.

If you encounter "Permission denied" errors after changing the password:

  • Double-check Caps Lock status
  • Verify keyboard layout differences
  • Ensure you're using the correct username
  • Check if SELinux might be interfering