When logging into a newly assigned Japanese cloud server for the first time, or when updating access permissions due to a complete rotation or colleague departure, changing the cloud server password becomes a crucial transaction. Changing passwords on a Linux Japanese cloud server is related to account security, access control, and subsequent maintenance convenience. From personal accounts to root superusers, from local logins to remote SSH connections, there are subtle but important differences in password changes across different scenarios.

The core command for changing passwords:

passwd

This command is designed to be both simple and secure. After logging in as a regular user, simply type

passwd

The system will first ask you to verify your current password. This step ensures that even if your terminal is temporarily unattended, others cannot directly change your password. After successful verification, the system will prompt you to enter a new password, which you will need to enter again to confirm.

Here is a crucial detail: for security, no characters (including asterisks *) will be displayed on the screen while you are typing your password, and the cursor will not move. This is normal. Please ensure you type accurately and fluently and press Enter. The system will perform a basic complexity check on the new password. If the password is too simple (e.g., a word from a dictionary or the same as the username), it may be rejected. A valid password typically needs to be at least 8 characters long and include uppercase and lowercase letters, numbers, and special characters.

For system administrators, it is often necessary to change passwords for other users. This requires the use of `sudo` privileges. The command is:

sudo passwd username

For example:

sudo passwd alice

When operating as an administrator, the process is different: the system will not ask you for the user's old password but will directly allow you to set a new password. This reflects the principle of separation of permissions; the administrator can reset any user's password but cannot obtain the user's original password through this command. This also means that the administrator is responsible for the security of this operation. After the change is complete, it is recommended to notify the affected user. Sometimes you may need to lock or unlock an account, which can be done using:

sudo passwd -l username (lock)

and

sudo passwd -u username (unlock)

Once locked, even if a user enters the correct password, they cannot log in. This is extremely useful when an employee leaves or an account is suspected of being compromised.

In the actual scenario of Japanese cloud servers, the vast majority of logins are conducted remotely via SSH. The password change process is exactly the same as locally; simply execute the `passwd` command in the SSH session. However, there are a few points to note specific to cloud environments. When logging into a Japanese cloud server for the first time using SSH key authentication, for security reasons, the system will usually force you to immediately change the password for the default user (such as ubuntu, ec2-user, or root). This is an unskippable step; you must set a valid password before proceeding. Additionally, if you have set a password for the root user and want to be able to log in directly to SSH using the root password in the future, you may need to modify the SSH service configuration file `/etc/ssh/sshd_config`, setting the `PermitRootLogin` parameter to `yes` or `prohibit-password` (the latter only allows key-based login). After modification, you need to restart the SSH service:

sudo systemctl restart sshd

Occasionally, a more special situation may arise: forgetting the root password. On traditional servers with physical access, a reboot into single-user mode can reset the password. However, on Japanese cloud servers, you lack physical console access. In this case, the cloud service provider's "VNC console" or "rescue mode" becomes a lifesaver.

Password policy is a crucial part of an enterprise environment. You can manage user password expiration and policies using the `chage` command. For example:

sudo chage -l alice

This will display user alice's password expiration information;

sudo chage -M 90 alice

This will set her password expiration to 90 days;

sudo chage -d 0 alice

This will force her to change her password immediately upon her next login. These settings are very useful in compliant environments that require regular password rotation. Additionally, the system's global password policy is usually defined in files such as `/etc/pam.d/common-password` or `/etc/security/pwquality.conf`, which can be configured with minimum length, complexity requirements, etc.

From a security best practice perspective, simply changing passwords is not enough. First, never use weak passwords. Simple passwords such as "123456", "password", or company name plus year are prime targets for brute-force attacks. Second, consider using SSH keys instead of passwords for login. Key authentication is more secure and convenient than passwords. After generating a key pair, upload the public key to the `~/.ssh/authorized_keys` file on your server. You can then disable password login in your SSH configuration to completely eliminate the risk of brute-force attacks. Third, audit your accounts regularly. Use the `last` command to view login records, and use `sudo grep 'Failed password' /var/log/auth.log` (Ubuntu/Debian) or `/var/log/secure` (CentOS/RHEL) to check for failed login attempts and promptly identify anomalies. A complete password change and security management process can be summarized as follows: For personal accounts, change the password using `passwd` locally or in an SSH session; for managing other accounts, use `sudo passwd username`; when logging into the Japanese cloud server for the first time, follow the mandatory password change process; if you forget your password, reset it using the cloud platform console tools or with administrator privileges; finally, build a defense-in-depth system using SSH keys, strong password policies, and log monitoring.