Restoring access to a VM
You may need to restore access to a VM in the following cases:
- VM user credentials are lost
- The public part of an SSH key was changed
- The SSH connection fails
- The VM fails to start
VM user credentials are lost
If you lost your private SSH key for Linux or your Windows user password:
-
Create a snapshot of the disk of the VM that you want to restore access to.
-
If you find it important to keep the public IP address used by the current VM, make this IP address static.
-
Create a new VM with the disk from the snapshot by specifying this disk as the boot disk. When creating a VM, enter your new credentials under Access.
If you had previously made the VM's public IP address static, use that IP address as the public IP address of the new VM:
Management consoleCLITerraformIn the Public IP field, select the
Listaddress assignment method and select the previously reserved IP from the list that opens.In the
yc compute instance createcommand, provide the previously reserved IP address in thenat-addressfield of the--network-interfaceparameter. Here is an example:yc compute instance create \ ... --network-interface subnet-name=subnet-b,nat-ip-version=ipv4,nat-address=111.112.13.14 \ ...For more information about the
yc compute instance createcommand, see the CLI reference.In the
network_interfacesection of theyandex_compute_diskresource, specify the previously reserved IP address in thenat_ip_addressparameter. Here is an example:network_interface { subnet_id = "e2lqsms4cdl3********" nat = true nat_ip_address = "111.112.13.14" }For more information about the
yandex_compute_diskresource, see the relevant provider documentation. -
Once you know that the new VM is up and running, delete the old VM and the disk snapshot.
If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
If the 'cloud-init' or network configuration was changed for the VM, the described method may not work. In this case, see the VM fails to start.
The public part of an SSH key was changed
You may have problems accessing a Linux-based VM over SSH if the public part of your SSH key was changed or deleted on the side of the VM.
You can restore access to a Linux-based VM over SSH using the serial console if you have a valid pair of SSH keys.
If you can't access the serial console, do the following to recover the public part of your SSH key:
-
Take a snaphost of the VM's boot disk.
-
Create an auxiliary Linux-based VM. Under Boot disk image, choose the OS for the boot disk. To attach a data disk to an auxiliary VM, select the previously created snapshot in the Disks and file storages section.
-
Connect over SSH to the auxiliary VM and mount the disk you created from the snapshot.
-
Replace the SSH key that is stored on this disk with a valid key:
-
Go to the folder that stores the public part of the SSH key in the mounted partition. For example:
cd /mnt/home/<username>/.sshBy default, user SSH keys are stored in the user's
~/.sshfolder. -
Open the
authorized_keysfile, e.g., using thenanotext editor:nano authorized_keysIf the file is missing, this command will create it.
-
Replace the contents of the file with the public part of the valid SSH key pair.
-
-
Unmount the disk with the fixed SSH key from the VM:
sudo umount /mnt -
Stop the auxiliary VM and detach the disk with the fixed SSH key from it.
-
Create a new VM. Under Boot disk image, go to the Custom tab and select the disk with the fixed SSH key as the boot disk.
Note
Make sure the new VM and the disk with the fixed SSH key are in the same availability zone.
-
Connect to the new VM over SSH.
-
Delete the disk snapshot and delete the auxiliary and old VMs.
If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
The SSH connection fails
The problem may occur due to an error in the SSH, security group, or network settings. To restore access, connect to the VM using the serial console and adjust the settings.
Note
You may use the serial console only if the user password is set; otherwise, see The VM fails to start.
- Enable access to the VM serial console.
- Connect to the VM serial console.
- Change the SSH or network settings. If you have security groups set up, make sure that their rules allow incoming TCP traffic to port 22.
- Connect to the VM via SSH.
An SSH key is lost
If you set a user password, configure the VM serial console and connect to it. We recommend connecting through the CLI.
If no user password is set, take a snapshot of the VM's disk and create a new VM from the snapshot.
If the problem persists:
- Create a new disk from the VM snapshot.
- Attach it as a secondary disk to a different VM.
- Change the root directory with
chroot. - Edit the configuration files that make the VM unavailable.
- Detach the disk from the VM.
- Create a new VM. Under Image/boot disk selection, go to the Custom tab and select your disk as the boot disk.
- After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
The VM fails to start
If you cannot start a VM, get access to data on the disk as follows:
- Create a snapshot of the disk of the VM that you want to restore access to.
- Create a disk from the snapshot. When creating a disk, choose
Snapshotin the Contents field and specify the created snapshot. - Attach the disk as secondary to the auxiliary VM.
- Change the configuration files that affect the VM startup or copy important data.
- Detach the disk from the auxiliary VM.
- If you found and fixed the startup issue, create a new VM. When creating a VM, go to the Custom tab under Boot disk image and select the fixed disk as the boot disk.
- After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.