Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Compute Cloud
    • All guides
      • Connecting to a VM via SSH
      • Exchanging files with VMs
      • Connecting to a VM via RDP
      • Connecting to a VM via PowerShell
      • Using Yandex Cloud from within a VM
      • Installing NVIDIA drivers
      • Recovering access to a VM
    • Viewing operations with resources
  • Yandex Container Solution
  • Access management
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Creating an SSH key pair
  • Copying a public key to the clipboard
  • Connecting to a VM
  • Adding SSH keys for other users
  1. Step-by-step guides
  2. Using a VM
  3. Connecting to a VM via SSH

Connecting to a Linux VM via SSH

Written by
Yandex Cloud
Improved by
Grig A.
Updated at April 1, 2025
  • Creating an SSH key pair
  • Copying a public key to the clipboard
  • Connecting to a VM
  • Adding SSH keys for other users

To connect to a VM via SSH, you need a key pair with the public key located on the VM and the private key kept by the user. This method is more secure than connecting with a username and password.

To enable another user to connect to your VM, add an SSH key for them by following this guide.

Note

When creating a VM accessible via OS Login, specify SSH keys in the metadata. This way, you will be able to connect to the VM via SSH even if you disable OS Login access for it.

To connect to a Linux VM via SSH:

  1. Create an SSH key pair.
  2. Copy the public key to the SSH key field on the VM creation page.
  3. Connect to the VM.

Creating an SSH key pairCreating an SSH key pair

Linux/macOS
Windows 10/11
Windows 7/8
  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t ed25519 -C "<optional_comment>"
    

    You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

    After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

    By default, the command prompts you to save the key under the id_ed25519 name in the following directory: /home/<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

If you do not have OpenSSH installed yet, follow this guide to install it.

  1. Run cmd.exe or powershell.exe (make sure to update PowerShell before doing so).

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t ed25519 -C "<optional_comment>"
    

    You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

    After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

    By default, the command prompts you to save the key under the id_ed25519 name in the following folder: C:\Users\<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

Create keys using the PuTTY app:

  1. Download and install PuTTY.

  2. Add the folder with PuTTY to the PATH variable:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.
  3. Launch the PuTTYgen app.

  4. Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.

    ssh_generate_key

  5. In Key passphrase, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Do not share its key phrase with anyone.

  7. Click Save public key and save the public key to a file named <key_name>.pub.

Warning

Store your private key securely, as you will not be able to connect to the VM without it.

Copying a public key to the clipboardCopying a public key to the clipboard

The previously created public key has the following format:

<key_type> <public_key_body> <optional_comment>

Example:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5ABFLIFyapYheN7OZNhTaNqEHefjmU5mtzK********+gRPCz user@Desktop

Tip

The <optional_comment> section is not used when connecting via SSH, so you can omit it.

Open the <key_name>.pub file using any text editor, such as Notepad, and copy the key from it. The key must be written as a single line (without returns or line breaks).

You can also copy the key using the command line:

Linux/macOS
Windows

In the terminal, use one of the following methods to copy the key:

  • Manually. To do this, output the file content to the screen:

    cat <key_file_path>/<key_name>.pub
    

    This will display the public key. Copy it to the clipboard.

  • Use the appropriate command:

    • For Linux: cat <key_file_path>/<key_name>.pub | xclip -selection clipboard.

    • For macOS: cat <key_file_path>/<key_name>.pub | pbcopy.

    The above-mentioned commands copy the entire content of the file, including the optional comment.

  1. Run cmd.exe or powershell.exe.

  2. Use one of the following methods to copy the key:

    • Manually. To do this, output the file content to the screen:

      type <key_file_path>\<key_name>.pub
      

      This will display the public key. Copy it to the clipboard.

    • Use the appropriate command:

      type <key_file_path>\<key_name>.pub | clip
      

      The above-mentioned command copies the entire content of the file, including the optional comment.

After that, paste the public key into the SSH key field when creating a VM in the management console.

Connecting to a VMConnecting to a VM

You can connect to a VM with the RUNNING status via SSH. It may take some time for all services to initialize after the VM starts. If you get a connection error, try again in a few minutes.

The VM security groups must allow incoming TCP traffic on port 22.

To connect, specify the VM public IP address. You can find out the public IP address in the management console: on the VM page, go to the Network section and find the Public IPv4 address field. If you created your VM with an internal IP address only, assign it a public IP address.

You can also use internal IP addresses and FQDNs to establish an SSH connection between VMs within a single cloud network in Yandex Cloud.

Linux/macOS
Windows 10/11
Windows 7/8

In the terminal, run this command:

ssh <username>@<VM_public_IP_address>

Where <username> is the VM account username. If you created your VM via the CLI, yc-user is the default user.

If you have multiple private keys, specify the one you need:

ssh -i <key_path/key_file_name> <username>@<VM_public_IP_address>

If this is your first time connecting to the VM, you will get this unknown host warning:

The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established.
ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes into the terminal and press Enter.

Make sure the Windows account has read permissions for the directory containing the keys.

To connect to the VM, run the following command in the command line:

ssh <username>@<VM_public_IP_address>

Where <username> is the VM account username. If you created your VM via the CLI, yc-user is the default user.

If you have multiple private keys, specify the one you need:

ssh -i <key_path\key_file_name> <username>@<VM_public_IP_address>

If this is your first time connecting to the VM, you will get this unknown host warning:

The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established.
ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes in the command line and press Enter.

Establish a connection using PuTTY:

  1. Run Pageant.
    1. Right-click the Pageant icon in the task bar.
    2. In the context menu, select Add key.
    3. Select a PuTTY-generated private key in .ppk format. Enter the password for this key, if any.
  2. Run PuTTY.
    1. In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Set the port to 22 and connection type to SSH.

      ssh_add_ip

    2. In the tree on the left, select Connection → SSH → Auth.

    3. Enable Allow agent forwarding.

      ssh_choose_private_key

    4. In the tree on the left, select Connection → SSH → Auth → Credentials.

    5. In the Private key file for authentication field, select the private key file.

      ssh_choose_private_key

    6. Go back to the Sessions menu. In the Saved sessions field, enter any name for the session and click Save. This will save the session settings under the specified name. You can use this session profile to connect with Pageant.

      ssh_save_session

    7. Click Open. If this is your first time connecting to the VM, you may get this unknown host warning:

      ssh_unknown_host_warning

      Click Accept. This will open a terminal window prompting you to enter the username to use for connection. Type the username you specified when creating the VM and press Enter. If you created your VM via the CLI, yc-user is the default user.

      If everything is configured correctly, a connection to the server will be established.

      ssh_login

If you saved the session profile in PuTTY, you can use Pageant for future connections:

  1. Right-click the Pageant icon in the task bar.
  2. Select Saved sessions.
  3. In the saved sessions list, select the session you need.

For more information on how to solve connection issues, see FAQ.

Adding SSH keys for other usersAdding SSH keys for other users

You can add SSH keys for another VM user. To do this, create a new user and add a file with the authorized keys for this user.

To create multiple users with keys at the same time, use metadata.

To configure users from within the VM, follow these steps:

  1. Connect to the VM under the username you specified when creating the VM in the management console.

    Note

    To get info on a VM with custom metadata, run this command:

    yc compute instance get --full <VM_name>
    
  2. Create a new user named testuser and specify bash as the default shell for this user:

    sudo useradd -m -d /home/testuser -s /bin/bash testuser
    
  3. Switch to the new user:

    sudo su - testuser
    
  4. Create a folder named .ssh in the new user's home directory:

    mkdir .ssh
    
  5. In the .ssh folder, create a file named authorized_keys:

    touch .ssh/authorized_keys
    
  6. Add the public key of the new user to the authorized_keys file:

    echo "<public_key>" >> /home/testuser/.ssh/authorized_keys
    
  7. Change the access permissions to the authorized_keys file and the .ssh folder:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys
    
  8. Disconnect from the VM by running exit.

  9. Restart the VM.

  10. Check the connection for the new user:

    ssh testuser@<VM_public_IP_address>
    

What's nextWhat's next

  • Using Yandex Cloud from within a VM

See alsoSee also

  • Connecting to a Windows VM via RDP
  • Connecting to a Windows VM via PowerShell
  • Connecting to a VM via OS Login

Was the article helpful?

Previous
Creating a VM instance with access to a Yandex Lockbox secret
Next
Exchanging files with VMs
Yandex project
© 2025 Yandex.Cloud LLC