Hey everyone. Matthew Sanabria here. You just launched your first cloud instance and you’re wondering, “Where’s my root password?”
Here’s why you won’t find one: cloud instances typically don’t have a root password for security reasons. These instances are generally accessible on the public internet and removing the root password eliminates several attack vectors such as weak passwords, forgetting to rotate passwords, and brute-force attacks.
Users are meant to use SSH key pairs for authentication rather than passwords. They’re much more secure and don’t require remembering some complex password. SSH key pairs are made up of a private key and a public key. Now, I’m not gonna get into the weeds of cryptography here, but the gist is that you hold onto the private key and you upload the public key to the cloud instance you wish to connect to.
Even with SSH key pairs, you likely won’t be able to log into your cloud instance as root. There’s typically another non-root user for you to log in as. For example, in Ubuntu, the non-root user may be named ubuntu. This is often referred to as the default user for the cloud instance. When you create a cloud instance, you can specify the SSH public key that will be loaded into the instance.
This doesn’t happen magically, though. There’s a service listening there called cloud-init, and it’s responsible for reading the SSH public key and configuring the default user on the cloud instance to use this SSH public key for authentication.
You might be wondering, can I set a root password if I wanted to?
Sure, you can, but it’s generally a good practice to keep the root user disabled and to use the non-root user to access the cloud instance, both generally and in an emergency. The next time you provision a cloud instance, you’ll now have a better understanding of why there’s no root password and why SSH key pair authentication is the recommended way to connect to your instance.
I hope you enjoyed this one, and I’ll see you in the next one.
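
A check for the setup described above, added here as an example and not part of the original video: it verifies that root's password is locked and that SSH does not accept password logins. The function names, the sample lines and the pass criteria (password authentication off, root login by password refused) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the video. Inputs are passed as arguments so the
# checks can run offline against the constructed samples at the bottom.

# Succeeds when the password field of an /etc/shadow line is locked
# (starts with "!" or "*"). An empty field means no password is required,
# so it counts as NOT locked.
password_locked() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `sshd -T` style output ("keyword value" lines) on stdin and prints
# the value of the keyword given as $1.
sshd_value() {
    awk -v k="$1" '$1 == k { print $2; exit }'
}

# audit <shadow line for root> <sshd -T output>
# Prints one line per check; the return code is the number of failed checks.
audit() {
    fails=0
    if password_locked "$1"; then echo "ok:   root password is locked"
    else echo "FAIL: root has a usable or empty password"; fails=$((fails + 1)); fi

    pw=$(printf '%s\n' "$2" | sshd_value passwordauthentication)
    if [ "$pw" = "no" ]; then echo "ok:   SSH password authentication is off"
    else echo "FAIL: passwordauthentication=${pw:-unset}"; fails=$((fails + 1)); fi

    prl=$(printf '%s\n' "$2" | sshd_value permitrootlogin)
    case "$prl" in
        no|without-password|prohibit-password) echo "ok:   root cannot log in with a password" ;;
        *) echo "FAIL: permitrootlogin=${prl:-unset}"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample input. On a real instance (as root) use:
#   audit "$(getent shadow root)" "$(sshd -T)"
SAMPLE_SHADOW='root:*:19000:0:99999:7:::'
SAMPLE_SSHD='port 22
passwordauthentication no
permitrootlogin without-password'
audit "$SAMPLE_SHADOW" "$SAMPLE_SSHD"
```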