Given the increasing use of Virtual Private Servers (VPS) for hosting websites, software, applications, and organizational services, the security of the operating system and the information on these servers has become one of the most important concerns for system administrators and developers.
One of the most basic, yet crucial, security measures in this regard is changing the password of the Root user or other users with administrative access.
Many users, after purchasing a VPS or reinstalling the operating system, use simple or default passwords, a practice that can significantly increase the risk of brute-force attacks or unauthorized intrusions. This tutorial will help you learn different methods for changing passwords in common Linux distributions (including Ubuntu, Debian, CentOS, and AlmaLinux).
The Importance of Changing Passwords on a VPS
The password is the front line of defense against server intrusion. Ignoring security principles in setting or managing passwords can lead to unauthorized access to sensitive information and even complete loss of server control. Changing passwords regularly is an essential part of security policies in organizations and professional environments.
The main reasons for changing your password are:
- Increased security against automated and manual attacks (Brute Force, Dictionary Attack)
- Preventing misuse by individuals with previous access (contractors, former employees, etc.)
- Compliance with security standards and internal audits
- Reducing the risk of exposing simple or predictable passwords
Prerequisites for Changing the Password
Before starting the process, make sure the following are available:
- SSH access to the server (via clients such as PuTTY, MobaXterm, or Linux/Mac terminal)
- Or access to the server management console (if SSH is down or the password is forgotten)
- Basic familiarity with the Linux command line (Shell/Bash) to execute simple commands
Method 1: Changing the Password via SSH
Step 1: Connecting to the Server via SSH
In your terminal or Windows SSH tool, enter the following command:
ssh root@your-server-ip
If you are logging in with a non-root user:
ssh username@your-server-ip
Note: If you are using a non-default SSH port, use the -p option to specify the port.
Step 2: Executing the passwd Command
To change the password for the current account, simply run the following command:
passwd
If you want to change the password of another user (e.g., root), use the following command:
sudo passwd root
Step 3: Entering the New Password
The system will ask you to enter the new password twice. No characters will be displayed while typing — this is normal Linux behavior. After entering the password correctly, the following message will appear:
password updated successfully
Note: If the entered password is simple or weak, you may receive an error. In this case, enter a stronger password.
Method 2: Changing the Password Through the Management Panel (If SSH Access is Unavailable)
In situations where you have forgotten your current password or SSH connection is not possible (for example, due to port changes, firewall restrictions, or configuration errors), you should use the management console or VPS control panel.
General Steps:
- Log in to the hosting user panel (such as Virtualizor, SolusVM, Proxmox, or the provider’s dedicated panel)
- Select the desired server
- Enter the Server Management section (Manage Server)
- Find options such as:
  - Reset Root Password
  - Change Password
  - Set New Password
- Enter the new password and confirm it
- (If needed) Reboot the server
Some control panels send the new password to the email registered in the user account. Check the Spam folder as well.
Password Security Enhancement Strategies
To prevent intrusion and enhance security, it is recommended to:
- Choose a password with at least 12 characters
- Use a combination of uppercase and lowercase letters, numbers, and special symbols such as: @, #, %, !
- Avoid using personal information such as name, date of birth, or contact number
- Use password management software such as:
  - Bitwarden
  - LastPass
  - KeePass
- Change your password periodically (e.g., every 90 days)
- Enable Two-Factor Authentication (2FA) if supported
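To check the 90-day rotation recommendation on a server, the following added example (not part of the original tutorial) reads shadow(5)-format lines and reports accounts whose password is older than the limit or has no expiry set. The function name, status labels, and sample accounts are assumptions made for illustration; the sample data is constructed and the hashes are placeholders.

```shell
#!/bin/sh
# Added example: flag accounts whose password is older than a maximum age.
# Reads shadow(5)-format lines: name:hash:lastchg:min:max:warn:inactive:expire:
# lastchg is the day of the last password change, in days since 1970-01-01.

MAX_AGE_DAYS=90   # the rotation interval suggested in the list above

# audit_password_age FILE [TODAY]   (hypothetical helper name)
#   FILE  - shadow-format file (on a real server: /etc/shadow, readable by root)
#   TODAY - current day number since the epoch; defaults to the system clock
audit_password_age() {
    file=$1
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" -v limit="$MAX_AGE_DAYS" '
        # Skip accounts with no usable password: empty, locked (!) or disabled (*).
        $2 == "" || $2 ~ /^[!*]/ { next }
        # A lastchg of 0 means the user must change the password at next login.
        $3 == "0" { printf "%s MUST_CHANGE_AT_NEXT_LOGIN\n", $1; next }
        # An empty lastchg means password aging is switched off for the account.
        $3 == "" { printf "%s NO_AGING_DATA\n", $1; next }
        {
            age = today - $3
            if (age > limit)
                printf "%s STALE age=%d\n", $1, age
            else if ($5 == "" || $5 + 0 >= 99999)
                printf "%s OK_BUT_NO_EXPIRY age=%d\n", $1, age
        }
    ' "$file"
}

# Constructed sample data (hashes are placeholders, not real hashes).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:$6$placeholder$placeholder:19800:0:99999:7:::
deploy:$6$placeholder$placeholder:20050:0:90:7:::
alice:$6$placeholder$placeholder:20040:0:99999:7:::
www-data:*:19000:0:99999:7:::
backup:!$6$placeholder$placeholder:19000:0:99999:7:::
newhire:$6$placeholder$placeholder:0:0:90:7:::
EOF

# Fixed "today" (day 20100) so the result is reproducible.
audit_password_age "$sample" 20100
```

On a real server, `chage -l username` shows the same aging fields for one account, and `chage -M 90 username` sets the maximum password age to 90 days.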
Conclusion
Proper password management is the first step in protecting your digital information and infrastructure. By following security tips, using reliable methods for changing passwords, and avoiding negligence, you can create a secure environment for your online services.
If you are a system administrator, developer, or business owner, remember that the simplest carelessness in setting a password can lead to significant costs.
Frequently Asked Questions
Will changing my password disconnect my current SSH connection?
No. As long as the session is active, the connection will not be interrupted. Only new connections will be affected by the new password.
How do I change the password of other users?
If you are logged in with the root account, run the following command; if you are logged in as a user with sudo access, prefix it with sudo:
passwd username
What should I do if I forget the root password?
In this situation, use the server management panel or Rescue Mode to change or recover the password. Reinstalling the operating system is usually the last option and is often unnecessary.