Many a time your security scan shall fail for having
/etc/mysql/debian.cnf file in your linux instance. Typically, after a image has been made, you need to remove this file and set a special user debian-sys-maint which can be used to reset your root user login.
mysql -u debian-sys-maint -p%oldpassword%
(replace %oldpassword% with the password you are being given by us when you first time do SSH to your instance)
SET PASSWORD = PASSWORD(‘%newpassword%’);
(replace %newpassword% with the new password)
Now you can login with this user and set password for any user including root