Creating a Linux VM
Create a Linux VM using Compute Cloud from the Yandex Cloud management console and connect to it.
Getting started
To get started in Yandex Cloud:
- Log in to the management console. If not signed up yet, navigate to the management console and follow the on-screen instructions.
- In Yandex Cloud Billing, make sure you have a billing account linked and its status is ACTIVE or TRIAL_ACTIVE. If you do not have a billing account yet, create one.
- If you do not have a folder yet, create one.
- If you do not have an SSH key pair yet, create one.
Create a VM
- In the management console, select the folder where you want to create your VM.
- In the list of services, select Compute Cloud.
- In the left-hand panel, select Virtual machines.
- Click Create virtual machine.
- Under Boot disk image, select an image and a Linux-based OS version.
  To create a VM from an existing boot disk, go to the Custom tab and select the boot disk you need. To update disk settings, click the icon next to the disk name.
- Under Location, select an availability zone for your VM.
- Optionally, configure the boot disk under Disks and file storages:
  - Select the disk type.
  - Specify the required disk size.
  - Optionally, to encrypt a boot disk or a secondary disk, under Disks and file storages, click the icon to the right of the disk name and configure encryption parameters for the disk:
    - Select Encrypted disk.
    - In the KMS key field, select the key you want to use to encrypt the disk. To create a new key, click Create new key.
    Warning
    You can specify encryption settings only when creating a disk. You cannot disable or change disk encryption.
    If you deactivate the key used to encrypt a disk, image, or snapshot, access to the data will be suspended until you reactivate the key.
    Alert
    If you destroy the key or its version used to encrypt a disk, image, or snapshot, access to the data will be irrevocably lost. For details, see Destroying key versions.
  If you are creating a VM instance from an existing boot disk, update the settings of that disk in the Custom tab under Boot disk image at the top of the form.
- Optionally, add a secondary disk:
  - Under Disks and file storages, click Add.
  - In the window that opens, select Disk. You can select an existing disk or create a new one, either empty or from a snapshot or image.
    For example, to create a new empty disk:
    - Select Create new disk.
    - In the Contents field, select Empty.
    - Enter a name for the disk.
    - Select the disk type.
    - Specify the required disk and block size.
    - Optionally, enable Additional in the Delete along with the virtual machine field if you need this disk automatically deleted when deleting the VM.
    - Click Add disk.
- Optionally, connect a file storage:
  - Under Disks and file storages, click Add.
  - In the window that opens, select File storage and choose the storage you want to connect from the list.
  - Click Add file storage.
- Under Computing resources, select one of the preset configurations or create a custom one. To create a custom configuration:
  - Go to the Custom tab.
  - Select a platform.
  - Specify the guaranteed performance and required number of vCPUs, as well as RAM size.
  - Optionally, enable a software-accelerated network.
  - Make your VM preemptible, if required.
- Under Network settings:
  - In the Subnet field, enter the ID of a subnet in the new VM's availability zone. Alternatively, you can select a cloud network from the list.
    - Each network must have at least one subnet. If your network has no subnets, create one by selecting Create subnet.
    - If there are no networks in the list, click Create network to create one:
      - In the window that opens, specify the network name and select the folder where you want to create it.
      - Optionally, select Create subnets to automatically create subnets in all availability zones.
      - Click Create network.
  - In the Public IP address field, select a method for assigning an IP address:
    - Auto: To assign a random IP address from the Yandex Cloud IP address pool. In this case, you can enable DDoS protection using the option below.
    - List: To select a public IP address from the list of previously reserved static addresses. For more information, see Converting a dynamic public IP address to static.
    - No address: Not to assign a public IP address.
  - Select the relevant security groups. If you leave this field empty, the default security group will be assigned to the VM.
  - Expand Additional and select a method for assigning internal addresses in the Internal IPv4 address field:
    - Auto: To assign a random IP address from the pool of IP addresses available in the selected subnet.
    - Manual: To manually assign a private IP address to the VM.
    - Enable DDoS protection, if required. The option is available if you previously selected the automatic IP assignment method in the public address settings.
  - Optionally, create records for your VM in the DNS zone:
    - Expand DNS settings for internal addresses and click Add record.
    - Specify a zone, FQDN, and TTL for the record. When setting the FQDN, you can enable Detect automatically for the zone.
      You can add multiple records to internal DNS zones. For more information, see Cloud DNS integration with Compute Cloud.
    - To create another record, click Add record.
  If you want to add another network interface to your VM, click Add network interface and repeat the settings from this step for the new interface. You can add up to eight network interfaces to a single VM.
- Under Access:
  - Select Access by OS Login to connect and manage access to the new VM using OS Login in Yandex Cloud Organization.
    With OS Login, you can connect to VMs using SSH keys and SSH certificates via a standard SSH client or the Yandex Cloud CLI. OS Login enables rotating the SSH keys used to access VMs, providing the most secure access option.
  - If you prefer not to use OS Login, select SSH key and specify the following VM access data:
    - Under Login, enter a username.
      Alert
      Do not use root or other usernames reserved by the OS. To perform operations requiring superuser privileges, use the sudo command.
    - In the SSH key field, select the SSH key saved in your organization user profile.
      If there are no saved SSH keys in your profile, or you want to add a new key:
      - Click Add key.
      - Enter a name for the SSH key.
      - Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
      - Click Add.
      The SSH key will be added to your organization user profile.
      If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
  - If you want to add multiple users with SSH keys to the VM at the same time, specify these users' data under Metadata. You can also use metadata to install additional software on a VM when creating it.
  In public Linux images provided by Yandex Cloud, the functionality of connecting over SSH using login and password is disabled by default.
- Under General information, specify the VM name:
  - It must be 2 to 63 characters long.
  - It may contain lowercase Latin letters, numbers, and hyphens.
  - It must start with a letter and cannot end with a hyphen.
  Note
  The VM name is used to generate an internal FQDN, which is set only once, when you create the VM. If the internal FQDN is important to you, make sure to choose an appropriate name for your VM.
- Under Additional:
  - Optionally, select or create a service account. With a service account, you can flexibly configure access permissions for your resources.
  - Optionally, enable access to the serial console.
  - Optionally, under Backup, enable Connect and select or create a backup policy to make automatic backups of your VMs using Cloud Backup.
    For more information, see Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup.
  - Optionally, under Monitoring, enable Agent for delivering metrics to configure delivering metrics to Yandex Monitoring.
  - Optionally, under Placement, select a VM placement group.
- Click Create VM.
The VM will appear in the list. The system automatically assigns an IP address and host name (FQDN) to a VM once it is created.
Connect to the VM
You can connect to a VM with the RUNNING status via SSH. It may take some time for all services to initialize after the VM starts. If you get a connection error, try again in a few minutes.
The VM security groups must allow incoming TCP traffic on port 22.
To connect, specify the VM public IP address. You can find out the public IP address in the management console: on the VM page, go to the Network section and find the Public IPv4 address field. If you created your VM with an internal IP address only, assign it a public IP address.
You can also use internal IP addresses and FQDNs to establish an SSH connection between VMs within a single cloud network in Yandex Cloud.
In the terminal, run this command:
ssh <username>@<VM_public_IP_address>
Where <username> is the VM account username. If you created your VM via the CLI, yc-user is the default user.
If you have multiple private keys, specify the one you need:
ssh -i <key_path/key_file_name> <username>@<VM_public_IP_address>
If this is your first time connecting to the VM, you will get this unknown host warning:
The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established.
ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes in the terminal and press Enter.
Make sure the Windows account has read permissions for the folder containing the keys.
To connect to the VM, run the following command in the command line:
ssh <username>@<VM_public_IP_address>
Where <username> is the VM account username. If you created your VM via the CLI, yc-user is the default user.
If you have multiple private keys, specify the one you need:
ssh -i <key_path\key_file_name> <username>@<VM_public_IP_address>
If this is your first time connecting to the VM, you will get this unknown host warning:
The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established.
ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes in the command line and press Enter.
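Added example, not part of the Yandex Cloud documentation: the SHA256 value in the unknown host warnings above is the unpadded base64 SHA-256 digest of the host's public key blob, so it can be recomputed from an `ssh-keyscan` line and compared with a fingerprint read over a separate channel before the host is trusted. The sample key, the address 203.0.113.10 and the idea that the expected value comes from the VM's serial console output are assumptions.

```python
"""Check an SSH host key against a fingerprint obtained out of band."""
import base64
import hashlib
import hmac
import struct


def fingerprint(keyscan_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a '<host> <type> <blob>' line."""
    fields = keyscan_line.split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <key type> <base64 key>'")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed key type; it must match field 2.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the raw digest as base64 with the '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(keyscan_line: str, expected: str) -> bool:
    """Constant-time comparison with the fingerprint from the trusted channel."""
    return hmac.compare_digest(fingerprint(keyscan_line), expected.strip())


def make_sample_line(host: str, raw_key: bytes) -> str:
    """Build a constructed ssh-ed25519 line (sample data, not a real host key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    # Constructed input; in practice: ssh-keyscan -t ed25519 <VM_public_IP_address>
    scanned = make_sample_line("203.0.113.10", bytes(range(32)))
    # Assumption: this value was read over a separate channel (e.g. serial console).
    expected = fingerprint(scanned)
    print(expected, "match" if host_key_matches(scanned, expected) else "MISMATCH")
    # A different key presented for the same address must not match.
    other = make_sample_line("203.0.113.10", bytes(32))
    print("substituted key accepted:", host_key_matches(other, expected))
```

The OpenSSH prompt also accepts the expected fingerprint itself in place of yes (the [fingerprint] choice shown in the warning) and then connects only if it matches.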
Establish a connection using PuTTY:
- Run Pageant.
- Right-click the Pageant icon in the task bar.
- In the context menu, select Add key.
- Select a PuTTY-generated private key in .ppk format. Enter the password for this key, if any.
- Run PuTTY.
- In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Set the port to 22 and connection type to SSH.
- In the tree on the left, select Connection → SSH → Auth.
- Enable Allow agent forwarding.
- In the tree on the left, select Connection → SSH → Auth → Credentials.
- In the Private key file for authentication field, select the private key file.
- Go back to the Sessions menu. In the Saved sessions field, enter any name for the session and click Save. This will save the session settings under the specified name. You can use this session profile to connect with Pageant.
- Click Open. If this is your first time connecting to the VM, you may get this unknown host warning:
  Click Accept. This will open a terminal window prompting you to enter the username to use for connection. Type the username you specified when creating the VM and press Enter. If you created your VM via the CLI, yc-user is the default user.
  If everything is configured correctly, a connection to the server will be established.
- If you saved the session profile in PuTTY, you can use Pageant for future connections:
  - Right-click the Pageant icon in the task bar.
  - Select Saved sessions.
  - In the saved sessions list, select the session you need.
For more information on how to solve connection issues, see FAQ.
Configure the serial console
Using the serial console, you can connect to a VM regardless of the network or OS state (for example, if there are loading or SSH access issues).
Make sure you configure access to the VM via the serial console in advance.
Delete the VM
If you no longer plan to use a virtual machine, delete it.