Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Compute Cloud
    • All guides
      • Creating a VM from a public image
      • Configuring software
      • Running a VM from a public image
      • Getting a list of public images
      • Getting information about a public image
    • Viewing service resource operations
  • Yandex Container Solution
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Connecting to a VM
  • Connecting via SSH
  • Connecting via OS Login
  • Passwords for pre-installed software
  • Using SSL
  • Filtering network traffic
  • Installing updates
  1. Step-by-step guides
  2. Images with pre-installed software
  3. Running a VM from a public image

Working with a VM created from a public image

Written by
Yandex Cloud
Updated at February 12, 2025
  • Connecting to a VM
    • Connecting via SSH
    • Connecting via OS Login
  • Passwords for pre-installed software
  • Using SSL
  • Filtering network traffic
  • Installing updates

Connecting to a VMConnecting to a VM

You can connect to a virtual machine via SSH using an SSH key pair, via OS Login, or via the serial console.

Connecting via SSHConnecting via SSH

This method for connecting to a VM uses an SSH key pair: the public key resides on the VM, while the private one is kept by the user. Connecting with a key pair is more secure than with a username and password.

Note

SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.

Creating an SSH key pairCreating an SSH key pair

Linux/macOS
Windows 10/11
Windows 7/8
  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t ed25519 -C "<optional_comment>"
    

    You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

    After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

    By default, the command prompts you to save the key under the id_ed25519 name in the following directory: /home/<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

If you do not have OpenSSH installed yet, follow this guide to install it.

  1. Run cmd.exe or powershell.exe (make sure to update PowerShell before doing so).

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t ed25519 -C "<optional_comment>"
    

    You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

    After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

    By default, the command prompts you to save the key under the id_ed25519 name in the following folder: C:\Users\<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

Create keys using the PuTTY app:

  1. Download and install PuTTY.

  2. Add the folder with PuTTY to the PATH variable:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.
  3. Launch the PuTTYgen app.

  4. Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.

    ssh_generate_key

  5. In Key passphrase, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Do not share its key phrase with anyone.

  7. Click Save public key and save the public key to a file named <key_name>.pub.

Connecting using an SSH key pairConnecting using an SSH key pair

After the VM starts (its status is RUNNING), you can connect to it over SSH. To do this, use ssh in Linux, macOS, and Windows 10/11, or PuTTY in Windows 7/8.

To connect, specify the VM address. This can be either its IP address or FQDN. You can also connect from another Yandex Cloud VM using FQDN if this VM is connected to the same virtual network. You can find out the IP address in the management console by going to the Network section on the VM's page.

Connecting via OS LoginConnecting via OS Login

OS Login is used to provide users with SSH access to VMs using IAM. To access a VM via OS Login, enable OS Login access at the organization level.

To connect to a VM via OS Login, users must have the compute.osLogin or compute.osAdminLogin role and the VM must support OS Login at the OS level. You can create a new VM with OS Login support or set up access via OS Login for an existing VM.

To connect to a VM via OS Login, specify the VM name or ID.

If a VM has OS Login access enabled, you cannot use a standard SSH client to connect to that VM with an SSH key.

Passwords for pre-installed softwarePasswords for pre-installed software

In addition to OS distributions, Cloud Marketplace offers public images with pre-installed software. To get passwords to configure the pre-installed software in such images:

  1. Connect to the VM.

  2. You can find passwords for pre-installed software in the /root/default_passwords.txt file. Only a superuser has read and write permissions for the file. Get a list of passwords using this command:

    sudo cat /root/default_passwords.txt
    

If a public VM image has no pre-installed software, there will be no password file provided.

Using SSLUsing SSL

To use SSL, generate an SSL certificate and configure the web server to use it.

To create an SSL certificate, use Yandex Certificate Manager. You can export the certificate and use it on the web server.

Filtering network trafficFiltering network traffic

On VMs created from public images, only the ports required for configuring and running pre-installed software are open.

You can view a list of open ports for a particular VM when connecting to it using an SSH key pair. To open additional ports, use iptables.

At the cloud network level, security groups are used to filter the network traffic. To allow specific traffic for a VM at the network level, configure a security group and link it to the VM.

Installing updatesInstalling updates

VMs created from public images do not feature automatic updates for their operating system or software. You can update them manually.

Was the article helpful?

Previous
Configuring software
Next
Getting a list of public images
Yandex project
© 2025 Yandex.Cloud LLC