This article covers the standard SSH login process and what to do when the root password is forgotten.
Basic Principles and Preparations for SSH Login
SSH (Secure Shell) is an encrypted network protocol used to securely run network services over insecure networks. Japanese cloud servers enable SSH by default, listening on port 22. The client establishes an encrypted channel with the server via the SSH protocol, and obtains command-line access after authentication.
Before logging in, you need to confirm three things: the public IP address of the Japanese cloud server, the root user password, and whether your local machine can access port 22. The public IP address can be obtained from the instance details page of the cloud service provider's console; the root password is set when the server is created. If key-based login was selected at that time, there is no password. Some cloud providers disable password login by default, allowing only key authentication. In this case, you need to first access the server via VNC in the console to modify the SSH configuration file.
Using SSH Login with Password
On Windows systems, it is recommended to use PuTTY or the OpenSSH client that comes with Windows Terminal. Starting with Windows 10, the system has a built-in ssh command, which can be run directly from Command Prompt or PowerShell. macOS and Linux systems natively support the SSH command, requiring no additional software installation.
The basic format of the connection command is as follows:
ssh root@<server public IP address>
For example, assuming the server IP is 123.123.123.123, you would enter:
ssh root@123.123.123.123
On the first connection, the system will prompt you to confirm the server's public key fingerprint. This is a security verification step to prevent man-in-the-middle attacks. The terminal will display a message similar to "The authenticity of host '123.123.123.123' can't be established." and ask if you want to continue the connection. After confirming the IP address is correct, enter "yes" and press Enter. The system will then prompt you for a password. No characters will be displayed on the screen when you enter the root password; this is a normal security mechanism. Simply press Enter after entering the password. If the password is correct, you will see a welcome message indicating successful login and a command prompt.
If using PuTTY, enter the IP address in the "Host Name" field, keep the port as 22, select SSH as the connection type, and then click "Open". The first connection will also prompt for confirmation of the server key; click "Accept". In the opened black window, enter the username "root", press Enter, and then enter the password to complete the login.
Using SSH Login with a Key
Some Japanese cloud servers select key pairs as the authentication method during creation, in which case there is no initial password. Key login requires a local private key file (usually in .pem format). When using the command line, add the -i parameter to specify the private key path:
ssh -i /path/to/your-key.pem root@serverIPaddress
Note that the permissions of the private key file should not be too open, otherwise SSH will refuse to use it. On Linux or macOS, you need to set the private key permissions to 600:
chmod 600 /path/to/your-key.pem
When using PuTTY to log in with a key on Windows, you need to convert the .pem format to .ppk format first. The PuTTYgen tool can perform this conversion: After loading the .pem file, click "Save private key" to generate a .ppk file. Then, load the .ppk file in PuTTY's Connection → SSH → Auth → Credentials to log in normally.
Solution for Forgotten Root Password
If the root password is lost and no key-based login is configured, you cannot access the server via SSH. In this case, you need to reset the password using the "Rescue Mode" or "VNC Management" provided by your cloud service provider.
The most common method is to use the VNC remote connection function of the cloud console. Log in to the cloud service provider's management backend, find the target Japanese cloud server instance, and click "Remote Connection" or "VNC Login" in the operation menu. This will open a browser-based virtual terminal, equivalent to directly connecting to the server's display output. After entering the system via VNC, the system is usually at the login screen. A password is still required to log in—if you've forgotten the password, VNC cannot directly access the system.
Therefore, the real solution is to utilize single-user mode or rescue mode. In the VNC interface, restart the server (you can execute the "Restart" command in the console), and press a specific key (usually the 'e' key) during startup to enter the GRUB boot menu editing interface. Find the line starting with "linux", add "init=/bin/" or "rd.break" (the exact name may vary depending on the operating system) to the end of the line, and then press Ctrl+X to boot. The system will directly enter a shell with root privileges, without needing to enter a password. You can then directly change the root password using the `passwd` command:
passwd root
After entering the new password twice, execute the following commands to make the changes take effect and restart the system:
touch /.autorelabel
exec /sbin/init
The operational details vary depending on the Linux distribution. CentOS/RHEL series typically use the `rd.break` method, while Ubuntu/Debian series commonly use the `init=/bin/` method. If you are unfamiliar with GRUB operations, a more reliable method is to use the "Reset Password" function provided by your cloud service provider. Most cloud vendors' consoles support resetting the system password directly online: find "Reset Password" or "Change Password" in the instance operation menu, enter the new password, and submit. The system will automatically complete the password change and restart the server. This process requires no manual commands, but note that resetting the password usually requires the server to be running and the corresponding cloud assistant component to be installed.
For extreme cases where the password reset function does not solve the problem, such as corrupted system files or a malfunctioning cloud assistant, the last resort is to use rescue mode. Create a temporary rescue server in the same region from the console, unmount the original server's system disk and mount it to the rescue server, then modify the `/etc/shadow` file in the mounted directory to clear the root password, or mount the disk and use `chroot` to switch to the original system environment and execute `passwd`. This method is complex, and it is recommended to try the console's password reset function first.
Several suggestions for improving SSH security
After completing the login and password recovery, it is recommended to perform some basic hardening of the SSH service. Changing the default port 22 can significantly reduce the probability of automatic scanning attacks; disabling direct root login and replacing it with a regular user login followed by `su` switching, combined with key authentication, can almost eliminate brute-force attacks. Specific configurations are located in the `/etc/ssh/sshd_config` file; after modification, the SSHD service needs to be restarted. In daily use, keeping the server system and SSH software up-to-date and regularly changing to strong passwords are basic requirements for maintaining the security of Japanese cloud servers.
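The script below is an added example, not part of the original article: it checks an `sshd_config` file against the three hardening points named above (non-default port, no direct root login, no password authentication). The function names `sshd_value` and `audit_sshd_config`, the sample files and the port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config against the hardening points above.
# sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive. Simplifications: Include files and Match blocks are
# not followed, and "Keyword=value" syntax is not handled.

# Print the value of keyword $2 in file $1, or the OpenSSH default $3.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                     # comment line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one line per finding; no output means all three checks passed.
audit_sshd_config() {
    port=$(sshd_value "$1" Port 22)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    if [ "$port" = 22 ]; then
        echo "Port 22: default port, expect automated scanning"
    fi
    if [ "$root" != no ]; then
        echo "PermitRootLogin $root: direct root login is still possible"
    fi
    if [ "$pass" != no ]; then
        echo "PasswordAuthentication $pass: passwords can be brute-forced"
    fi
    return 0
}

# Constructed sample files, not taken from a real server.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$tmp/weak"
# The trailing "yes" is ignored by sshd because the earlier "no" wins.
printf '%s\n' 'Port 2222' 'permitrootlogin no' \
    'PasswordAuthentication no' 'PasswordAuthentication yes' > "$tmp/hardened"
for f in weak hardened; do
    echo "== $f"
    audit_sshd_config "$tmp/$f"
done
```

On a live server, `sshd -T` prints the effective configuration including any included files, and `sshd -t` validates the file before the service is restarted.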