Recovering access to a VM
You may need to recover access to a VM in the following cases:
- Loss of VM user credentials.
- Change in the public part of an SSH key.
- SSH connection failure.
- VM failure to start.
Loss of VM user credentials
If you lost your private SSH key for Linux or your Windows user password:
-
Create a disk snapshot for the VM you want to recover access to.
-
If you find it important to keep the public IP address used by the current VM, make this IP address static.
-
Create a new VM with the disk from the snapshot by specifying this disk as the boot disk. When creating a VM, enter your new credentials under Access.
If you had previously made the VM's public IP address static, use that IP address as the public IP address of the new VM:
Management consoleCLITerraformIn the Public IP address field, select the
List
address assignment method and select the previously reserved IP from the list that opens.In the
yc compute instance create
command, provide the previously reserved IP address in thenat-address
field of the--network-interface
parameter. Here is an example:yc compute instance create \ ... --network-interface subnet-name=subnet-b,nat-ip-version=ipv4,nat-address=111.112.13.14 \ ...
For more information about the
yc compute instance create
command, see the CLI reference.In the
network_interface
section of theyandex_compute_disk
resource, specify the previously reserved IP address in thenat_ip_address
parameter. Here is an example:network_interface { subnet_id = "e2lqsms4cdl3********" nat = true nat_ip_address = "111.112.13.14" }
For more information about the
yandex_compute_disk
resource, see the relevant provider documentation . -
Once you know that the new VM is up and running, delete the old VM and the disk snapshot.
If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
If the 'cloud-init' or network configuration was changed for the VM, the described method may not work. In this case, see VM failure to start.
Change in the public part of an SSH key
You may encounter problems when accessing a Linux VM over SSH if the public part of your SSH key was changed or deleted on that VM.
You can recover access to a Linux VM over SSH using the serial console if you have a valid pair of SSH keys.
If you cannot access the serial console, follow these steps to recover the public part of your SSH key:
-
Take a snaphost of the VM boot disk.
-
Create an auxiliary Linux VM. Under Boot disk image, select the OS for the boot disk. To attach a data disk to an auxiliary VM, select the previously created snapshot under Disks and file storages.
-
Connect over SSH to the auxiliary VM and mount the disk you created from the snapshot.
-
Replace the SSH key stored on this disk with a valid one:
-
Go to the folder containing the public part of the SSH key in the mounted partition. Here is an example:
cd /mnt/home/<username>/.ssh
By default, user SSH keys are stored in the user's
~/.ssh
folder. -
Open the
authorized_keys
file, e.g., using thenano
text editor:nano authorized_keys
If the file is missing, this command will create it.
-
Replace the file contents with the public part of the valid SSH key pair.
-
-
Unmount the disk with the fixed SSH key from the VM:
sudo umount /mnt
-
Stop the auxiliary VM and detach the disk with the fixed SSH key from it.
-
Create a new VM. Under Boot disk image, go to the Custom tab and select the disk with the fixed SSH key as the boot disk.
Note
Make sure the new VM and the disk with the fixed SSH key are in the same availability zone.
-
Connect to the new VM via SSH.
-
Delete the disk snapshot and delete the auxiliary and old VMs.
If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
SSH connection failure
The problem may occur due to an error in the SSH, security group, or network settings. To recover access, connect to the VM using the serial console and adjust the settings as appropriate.
Note
You can only use the serial console if a user password has been set; otherwise, see VM failure to start.
- Enable access to the VM serial console.
- Connect to the VM serial console.
- Change the SSH or network settings. If you have security groups configured, make sure their rules allow incoming TCP traffic on port 22.
- Connect to the VM via SSH.
Loss of an SSH key
If you set a user password, configure the VM serial console and connect to it. We recommend connecting through the CLI.
If no user password is set, take a snapshot of the VM's disk and create a new VM from the snapshot.
If the problem persists:
- Create a new disk from the VM snapshot.
- Attach it as a secondary disk to a different VM.
- Change the root directory with
chroot
. - Modify configuration files that affect VM accessibility, e.g., set a new password for the user using the
sudo passwd <username>
command. - Detach the disk from the VM.
- Create a new VM. Under Image/boot disk selection, go to the Custom tab and select your disk as the boot disk.
- After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
VM failure to start
If a VM fails to start, follow these steps to get access to the disk data:
- Create a disk snapshot for the VM you want to recover access to.
- Create a disk from the snapshot. When creating a disk, select
Snapshot
in the Contents field and specify the snapshot you created. - Attach the disk as secondary to the auxiliary VM.
- Modify the configuration files affecting the VM startup or copy essential data.
- Detach the disk from the auxiliary VM.
- If you troubleshot the issue preventing your VM from starting, create a new VM. When creating a VM, go to the Boot disk image tab under Custom and select the fixed disk as the boot disk.
- After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.