Connection
How do I connect to a Linux VM?
Use this guide: Connecting to a Linux VM via SSH. If the computer you are connecting from has an older version of Windows (7, 8, or the first releases of Windows 10) and there is no built-in SSH console client, use PuTTY
The Linux images from Yandex Cloud are initially supplied without a graphical shell. Connection via SSH using a username and a password is disabled by default because this method is outdated and unsafe.
What should I do if I wasn't able even once to connect to the VM I created?
Your device should "see" the VM over the network:
- If you are connecting from the outside, you need to have a public IP address assigned to the VM or configure connectivity through another VM with a public IP address (e.g., through a NAT instance).
- Outgoing traffic to and from the VM must be allowed on your device.
Do not turn off or restart the VM immediately after creating it. For VMs with a small guaranteed vCPU performance, the initial launch process may take a long time (up to half an hour). If the VM is terminated prematurely, the initialization scripts might not have time to execute. In this case, delete the VM and create a new one.
How do I use root on a Linux VM?
When creating a Linux VM, do not use usernames reserved by the system, such as root
, admin
, etc., because cloud-init
will not be able to add a user with such a username. Try user
for username to create a VM.
To upgrade your permissions to root
, use sudo
. The user specified when creating the VM is a member of the sudo
group. root
does not have a password, so you can simply connect to the VM via SSH (see Connecting to a Linux VM via SSH) and enter this command:
sudo su
You can also execute various commands without switching to root
. For example, to shut down a VM from the guest OS, just enter the command:
sudo poweroff
What should I do if I cannot connect to a VM, even though the connection was working before?
Your data was likely taken over and third parties gained access to the VM. Take a disk snapshot (see Creating a disk snapshot) of the VM and create a new VM based on it (see Create a VM with disks restored from snapshots). If you succeeded connecting to the new VM, use stronger passwords and do not share your private data.
If the VM created from the snapshot is also unavailable for connection, see How do I get important data from a broken VM.
What should I do if I cannot connect to a VM from a Cloud Marketplace image?
Some Cloud Marketplace images have service usernames reserved, e.g., bitrix
in the 1C-Bitrix image. When creating a VM and connecting to it, use a username not reserved in the system, e.g., user
. Do not use root
, admin
, or other system usernames.
You can later change the bitrix
user password by running the sudo passwd bitrix
command.
What do I do if the Permission denied error occurs?
When connecting to a VM via SSH, the following errors may occur:
Permission denied (publickey)
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Common causes of errors include:
- Mistyped public key specified when creating a virtual machine.
- Invalid private key provided when attempting to establish a connection.
- Invalid data in the
authorized_keys
file.
To solve the connection issue, try providing the right private key using the -i
flag:
ssh -i <key_path/key_file_name> <username>@<VM_public_IP_address>
How do I set up an RDP/VNC connection to a Linux VM?
There are two options for enabling the graphical interface on Linux VMs:
- Use RDP or VNC. To do this:
-
Install the desktop environment on a Linux-based VM (Ubuntu/CentOS).
-
Install the xrdp or VNC server to connect via RDP or VNC, respectively.
-
Configure the software.
We recommend using a combination of a VNC server that only listens to localhost and an SSH tunnel. In this case, you eliminate the risk of attackers connecting to your VM via VNC and also encrypt the VNC traffic.
-
- Configure X11 forwarding onto the local computer. For Windows, use Xming
.- Install the desktop environment.
- Configure X11 forwarding and connect via SSH.
- Launch the application from the terminal.
What should I do if I cannot connect to a VM, even though the connection was working before?
Your data was likely taken over and third parties gained access to the VM. Take a disk snapshot (see Creating a disk snapshot) of the VM and create a new VM based on it (see Create a VM with disks restored from snapshots). If you succeeded connecting to the new VM, use stronger passwords and do not share your private data.
If the VM created from the snapshot is also unavailable for connection, see How do I get important data from a broken VM.
How do I use a serial console? How do I connect directly to a VM?
If you have issues while connecting to a VM over a network, you can use the serial console. For more information about the serial console, see Getting started with the serial console.
You can enable access to the serial console when creating or modifying a VM. The serial console will be available in the Yandex Cloud management console
For a Linux VM, you need to additionally configure password access for the user in advance by connecting via SSH and setting the password using the sudo passwd user
command (replace user
with the username you specified when creating the VM).
What do I do if an SSH key is lost?
If you set a user password, configure the VM serial console and connect to it. We recommend connecting through the CLI.
If no user password is set, take a snapshot of the VM's disk and create a new VM from the snapshot.
If the problem persists:
- Create a new disk from the VM snapshot.
- Attach it as a secondary disk to a different VM.
- Change the root directory with
chroot
. - Edit the configuration files that make the VM unavailable.
- Detach the disk from the VM.
- Create a new VM. Under Image/boot disk selection, go to the Custom tab and select your disk as the boot disk.
- After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.
Why does the VM not work after a reboot?
The VM may stop working after a reboot for one of the following reasons:
- The VM was forcibly restarted while writing to the system disk. In this case, the file system could be damaged.
- The firewall and/or network was incorrectly configured.
- Changes were made to the
cloud-init
settings. - Changes were made to the Python system version, which is also used by
cloud-init
. - There was a problem with the service.
If you performed one of these actions, see How do I get important data from a broken VM. Otherwise, contact support.
How do I get important data from a VM that crashed?
When a VM crashes:
- Take a snapshot of the failed disk (see Creating a disk snapshot for details).
- Create a new VM with an additional (non-bootable) disk restored from the snapshot (see Create a VM with disks restored from snapshots for details).
- Connect to the VM (see Working on a VM for details).
- Mount the disk (see Mounting a disk created from a snapshot or image for details).
- Run a check of the disk file system.
- Transfer the data you need to the boot disk of your new VM.