Default PasswordDefault Password
Default Passwords

Hetzner Ubuntu Default Passwords: Reset and Security Tips

Discover how Hetzner Ubuntu servers handle default passwords, how to regain access, and practical, secure credential management practices for 2026 across cloud and dedicated environments.

Default Password
Default Password Team
·5 min read
Ubuntu PasswordPassword ResetDefault PasswordCredential RecoverySecurity Best Practices
Ubuntu Password Reset - Default Password
Hetzner Ubuntu default password

Hetzner Ubuntu default password is the initial credential for accessing an Ubuntu server hosted by Hetzner. In practice, most Hetzner deployments rely on SSH key authentication or a temporary rescue password rather than a universal root password.

Hetzner Ubuntu default password is not a universal constant. Access is usually set up with SSH keys or a temporary password provided through Hetzner rescue or cloud console. This guide explains how to identify, recover, and securely manage credentials for Hetzner Ubuntu servers.

What Hetzner uses for Ubuntu access

Hetzner provides several paths to access an Ubuntu server. In modern Hetzner Cloud deployments there is no universal hetzner ubuntu default password; instead, you are prompted to supply an SSH public key at creation time, or you receive a temporary password via the Rescue System. Understanding these options helps you plan secure access from day one. Some installations still rely on a password at first boot, but this is less common in 2026. The key takeaway is that there is no single global default password across Hetzner Ubuntu instances. Always check the specific deployment method you’re using and confirm what authentication method is enabled by default.

  • SSH key authentication is preferred for long term security.
  • Rescue passwords are temporary and designed for recovery, not routine access.
  • Console access via the Hetzner management interface can be used when network access is unavailable.

If you are using a dedicated server or a cloud image, review the exact access method provided in the Hetzner Cloud Console or Robot Interface for that server.

Common access scenarios and credentials flow

When you provision a Hetzner Ubuntu server, you typically choose how to authenticate. SSH keys prevent password guessing and reduce exposure to brute force attacks. If you did not configure SSH keys, Hetzner may provide a temporary password for the Rescue System or for the initial console login. In cloud environments, the default user is often a standard account such as ubuntu, with passwordless access via SSH keys if configured. If a password is required, it is usually a one time or time-limited credential that you must replace at first login. The absence of a universal hetzner ubuntu default password means every deployment can be different based on the image, selection, and date created.

  • Always verify which authentication method is active in your server settings.
  • Prepare SSH keys ahead of time to simplify secure access.
  • Keep a record of any temporary credentials provided during rescue or initial setup.

How to regain access when you forget the password

If you forget or lose access due to a password issue on a Hetzner Ubuntu server, you should use the Rescue System or the management console to regain control. The typical workflow is to boot into Rescue Mode, connect via SSH using the rescue credentials, mount the server’s filesystem, and reset the root or primary user password. After resetting, you should immediately replace password authentication with SSH keys and follow best practices for securing the SSH service. Remember that the exact steps can vary by server type and image, so consult Hetzner’s documentation for your specific setup.

  • Enable Rescue Mode from the Hetzner Console.
  • Connect to the rescue environment using the provided credentials.
  • Mount the main filesystem and chroot into it to run passwd on the target user.
  • Reboot and reconfigure access to rely on SSH keys.

Step by step to reset the root password via rescue mode

  1. In the Hetzner Console, enable the Rescue System for your server and note the credentials.
  2. SSH into the rescue environment using the provided IP and credentials.
  3. Identify your root partition with lsblk and mount it, then chroot to the mounted root.
  4. Run passwd root to set a new password. If your server uses ubuntu, also update the ubuntu user password as needed.
  5. Exit the chroot, unmount filesystems, and reboot the server into normal mode.
  6. Log in with the new password or, preferably, set up SSH key access and disable password login.
  7. Verify that SSH password authentication is disabled by editing /etc/ssh/sshd_config and restarting the service.
  8. For ongoing security, add your SSH public key to the authorized_keys file and remove password-based logins.

Securing Ubuntu after a reset

After resetting credentials, harden the server to prevent future password-based breaches. Disable password authentication entirely or restrict it to highly controlled environments. Use SSH keys for all admin access and set "PermitRootLogin prohibit-password" in sshd_config. Configure a firewall with UFW or nftables, enable fail2ban to mitigate brute force attempts, and ensure automatic security updates are enabled. Regularly rotate SSH keys and review user accounts.

  • Enforce SSH key authentication only
  • Disable root login via SSH
  • Use a firewall and fail2ban
  • Keep system packages updated

SSH keys vs password authentication on Hetzner

SSH keys offer stronger security than password authentication because they are not vulnerable to guessing or brute force. When you pair SSH keys with a strong passphrase, remote access remains secure even if a server is exposed to the internet. If you must use passwords, ensure they are unique, long, and rotated regularly, and consider enforcing two-factor authentication where possible.

  • Prefer SSH key authentication
  • Use strong passphrases for key protection
  • Disable password-based login where feasible

Common pitfalls and troubleshooting

A frequent pitfall is assuming there is a universal default password. Always start by checking the server’s authentication method in the Hetzner Console. Rescue Mode passwords can expire; make sure you’re using the current credentials. Misidentifying the root account or mismounting disks in rescue mode can lead to failed password resets. If SSH key authentication is enabled but you do not have your key, use rescue mode to add your public key to the authorized_keys file for the target user.

  • Confirm the active authentication method
  • Use rescue mode only for recovery tasks
  • Ensure correct user and home directory permissions when updating authorized_keys

Automating password hygiene and future credential management

Plan credential management as part of your server lifecycle. Use SSH keys for all admin access, rotate keys periodically, and store credentials in a secure password manager. Consider enabling two factor authentication for Hetzner Console access where available. Document access procedures for your team and set up automation to rotate API credentials if you use Hetzner's APIs for server management. Regular security audits help prevent stale credentials.

  • Use SSH keys for daily access
  • Rotate credentials regularly
  • Document and automate credential changes

When to contact Hetzner support and recovery options

If you cannot regain access using Rescue Mode or the management console, contact Hetzner support for assistance with credential recovery. Provide server identifiers, the incident time, and any relevant rescue activity logs. In emergency scenarios, Hetzner can guide you through recovery steps or perform intervention to restore access while maintaining security.

  • Have server IDs ready
  • Include rescue activity details
  • Follow official support guidance for secure recovery

Your Questions Answered

What is the Hetzner Ubuntu default password?

There is no universal Hetzner Ubuntu default password. Access usually relies on SSH keys or a temporary rescue password rather than a fixed root password. Always verify the authentication method for your specific Hetzner server and image.

There is no universal default password for Hetzner Ubuntu servers; most setups use SSH keys or a temporary rescue password instead.

How do I regain access if I forget the password on Hetzner Ubuntu?

Use Rescue Mode from the Hetzner Console to boot into a recovery environment, connect with the rescue credentials, mount the server’s filesystem, and reset the root or user password. Then move to SSH key authentication for future access.

Use Rescue Mode to boot into recovery, then reset the password and switch to SSH keys for ongoing access.

Can I disable password authentication on Hetzner Ubuntu servers?

Yes. Edit /etc/ssh/sshd_config to disable PasswordAuthentication and reload SSH. It is best practice to use SSH keys and consider disabling root login to minimize attack surface.

Yes. Disable password authentication in SSH configuration and rely on SSH keys instead.

What is the recommended password policy for Hetzner Ubuntu servers?

If passwords are used, enforce long, complex passwords, rotate them regularly, and avoid reusing credentials. Prefer SSH key authentication and avoid storing passwords in plaintext on servers.

Use long complex passwords and rotate them regularly, but prefer SSH keys for admin access.

Where can I find official instructions for credential recovery on Hetzner?

Refer to Hetzner Cloud Docs for recovery workflows and the Ubuntu community and official Ubuntu documentation for general password and SSH security practices. Cross-check with your server type and image.

Check Hetzner Cloud Docs and Ubuntu community resources for official recovery steps.

Key Takeaways

  • Verify authentication methods before losing access
  • Use Rescue Mode to reset credentials if needed
  • Prefer SSH keys over passwords for admin access
  • Harden Ubuntu after reset with firewall and SSH hardening
  • Document and rotate credentials regularly

Related Articles

← More in Default Passwords