Kali Linux Default Password: Default user, root & SSH tips

Each Linux distribution has its own rules for the default username and password. Some will create it for you, and with most of them, you’ll have a short wizard on the first boot to guide you with this. Kali Linux is not an exception, and the default user and password have changed overtime. Let’s recap everything you need to know on a fresh installation.

With the latest version of Kali Linux, a user account is created during the first boot. You have the choice for the username and password. So, there is no default password for the main user on Kali Linux, it’s the one you set during the installation.

But it can be different with pre-built images or some preinstalled services, and there are a few things to know before using the administrator account (root). I’ll explain everything relate to users and passwords in this article.

What’s the default password on Kali Linux?

On a traditional setup with the “Installer” image downloaded from the official website, the first user is created during the installation. But other pre-built images (like virtual machines), comes with the account already setup.

Traditional setup: with the installer image

When you install Kali Linux from scratch on your PC, you’ll get a screen like this on the first boot, where the installation wizard ask the user full name, identifier and password.

Almost anything can be used at this stage, so if you have installed Kali Linux recently, the default user and password is most likely something you picked during these steps.

So, you’re in charge when it comes to creating the user and password on Kali Linux, there are no default login and password anymore.

If you’ve lost your password, there are ways to recover it (as explained here), but it might be easier to reinstall Kali from scratch. You’ll get the latest version, and in most cases we don’t keep tons of personal files on this distribution.

Virtual machines and prebuilt images

With some pre-created images of Kali Linux, the user and password are created for you, and the default values are:

• Username: kali
• Password: kali

It’s the case with virtual machines images (VMware, VirtualBox, QEMU) or some specific images like the edition of Kali Linux for ARM devices (Raspberry Pi for example).

If I remember well, it was also the default identifiers on old versions of Kali Linux, so it might be worth trying it if you can’t remember which user and password is set on your system.

Vagrant

Vagrant is yet another option to use Kali Linux. It’s a different beast when it comes to virtual machines, allowing you to create and configure them in a consistent and repetitive way, from a simple configuration file.

Anyway, if you’re reading this, you probably know what it is. If you use Vagrant for your Kali Linux setup, there is also a default login and password set on it:

• Username: vagrant
• Password: vagrant

And while I’m talking about virtual machines in the cloud, if you use Amazon AWS service for Kali, there is no password set. You need to use the user “kali” and the SSH key instead of a password to connect to your Kali Linux instance on Amazon EC2.

What is the root password on Kali Linux?

As with most Linux distributions on recent versions, the root account is now locked by default on Kali Linux. It’s not possible to login as root on a fresh installation on a standard computer.

The recommendation is to use “sudo” whenever possible, as you can generally do everything with it.
Just add sudo before any command, and it will give you the administrator privileges if you have the right to use sudo (it’s the case with the first user):
sudo <command>
Example:
sudo apt upgrade

If you ever need to switch temporarily to the root prompt in a terminal, you can use:
sudo su
Which will give you access to all commands, without the need of using sudo (red power!):

However, it doesn’t activate the root account for direct login. If you really need it, you’ll have to create a password for it first.
It’s not recommended, as it’s a security risk and is almost useless in most cases, but you can still do it with:
sudo passwd

You’ll need to type your password (current user), and then provide a password for the “root” account twice. Try to pick something complicated (this password generator can help).

If it was a temporary need, you can lock the account again with:
sudo passwd -l root

What is the root password to connect to Kali Linux via SSH?

SSH access to the root account on Kali Linux is disabled by default. The SSH server configuration file has to be edited to allow it if needed. But it’s generally not recommended, for security reasons.

When it comes to security risks, using a strong password is one thing, but using random usernames is even better. And as “root” has the same name on all devices, it’s the one receiving the most attacks, especially when SSH is open.

Anyway, as always, even if it’s not recommended to allow root access via SSH, it’s still possible.
Here are the steps to do it:

• Open the SSH configuration file with your favorite text editor:
  sudo nano /etc/ssh/sshd_config
• Find the line starting with “#PermitRootLogin”.
• Remove the “#” at the beginning, and change the value to “yes” instead of “prohibit-password”.
• Save and exit the file (CTRL+X).
• Restart the SSH service:
  sudo service ssh restart

You can now use root to access the computer (if you enabled the account and set a password following the previous section).

Other default passwords on Kali Linux

I have now answered most of your questions related to the default system passwords used on Kali Linux. But depending on your installations, Kali may come with a bunch of apps preinstalled, that require another password, and some of them are set for you.

Let’s examine these cases.

MySQL

MySQL is often installed by default on Kali Linux, and if you are not used to it, there is a specific procedure required to access it for the first time, and create the user accounts.

If you just type the command “mysql” to open the console, you’ll most likely get an error like:
"Access denied for user <username>@localhost"

The only way to access the CLI on a fresh installation is to use sudo.
The access is enabled only for the administrator account and from the local machine. So, you can use:
sudo mysql

No password is required.

Then, if you want to create a password for “root”, and allow access from other devices, you need to complete the installation with:
sudo mysql_secure_installation

It will guide you to enabled anything you need. But the most important is to create a user and password.
From there, you can create all the users you need, with different privileges, as on any MySQL server (you’ll find plenty of tutorials online about these steps).

Other applications

Many other applications (like BeEF, OpenVAS, Metasploit and others) have default users created for you during the installation.

For some of them, there is a password set.
For others, you’ll be asked to created one on the first run.
And sometimes, you also have a setup program (like for MySQL) or a configuration file to edit.

Kali Linux keeps a list of these on their documentation, so if you have any doubt, I guess it’s best to check directly from their website (link here).

Once your system setup, if you need more guidance to use all these interesting tools on Kali Linux, I have many step-by-step tutorials for you on this website. So, feel free to check them out. Here are a few examples:

• Wifite: A step-by-step guide for Kali Linux users
• How To Remote Access Kali Linux
• Getting Started With John The Ripper On Kali Linux