Creating a Linux VM
Create a Linux VM using Compute Cloud from the Yandex Cloud management console and connect to it.
Getting started
To get started in Yandex Cloud:
- Log in to the management console
. If you are not signed up yet, navigate to the management console and follow the instructions. - In Yandex Cloud Billing
, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not yet have a billing account, create one. - If you do not have a directory yet, create one.
- If you do not have an SSH key pair yet, create one.
Create a VM
-
In the management console
, select the folder to create your VM in. -
In the list of services, select Compute Cloud.
-
In the left-hand panel, select
Virtual machines. -
Click Create virtual machine.
-
Under Boot disk image, select an image and a Linux-based OS version.
To create a VM instance from an existing boot disk, go to the Custom tab and select the boot disk you need. To update its settings, click
next to the disk name. -
Under Location, select an availability zone to place your VM in.
-
(Optional) Configure the boot disk in the Disks and file storages section:
-
Select the disk type.
-
Specify the required disk size.
-
(Optional) To encrypt a boot disk or a secondary disk, under Disks and file storages, click
to the right of the disk name and set encryption parameters for the disk:- Select Encrypted disk.
- In the KMS key field, select the key to encrypt the disk with. To create a new key, click Create new key.
- In the Service account field, select a service account with the
kms.keys.encrypterDecrypter
role for the specified key. To create a service account, click Create new account.
The encryption feature in Compute Cloud is currently at the Preview stage. To access it, open the resource creation page and click Request access under Encryption or contact support
.If you deactivate the key used to encrypt a disk or snapshot, access to the data will be suspended until you reactivate the key.
Alert
If you destroy the key or its version used to encrypt a disk or snapshot, access to the data will be irrevocably lost. Learn more in Destroying key versions.
If you are creating a VM instance from an existing boot disk, update the settings of that disk in the Custom tab under Boot disk image at the top of the form.
-
-
(Optional) Add a secondary disk:
-
Under Disks and file storages, click Add.
-
In the window that opens, select Disk. You can select an existing disk or create a new one: either empty or from a snapshot / image.
For example, to create a new empty disk:
- Select
Create new
. - In the Contents field, select
Empty
. - Specify the disk name.
- Select the disk type.
- Specify the required disk size and block size.
- (Optional) In the Additional field, enable Delete along with the virtual machine if you need to automatically delete this disk when deleting the VM.
- Click Add disk.
- Select
-
-
(Optional) Connect a file storage:
-
Under Disks and file storages, click Add.
-
In the window that opens, select File storage and select the storage you want to connect from the list.
If you do not have any file storages, click Create file storage to create a new one.
-
Click Add file storage.
-
-
-
Under Computing resources, select a preset configuration or create a new one. To create a configuration:
- Go to the Custom tab.
- Choose a platform.
- Specify the guaranteed share and required number of vCPUs, as well as RAM size.
- Enable a software-accelerated network if needed.
- If required, make your VM preemptible.
-
Under Network settings:
-
In the Subnet field, enter the ID of a subnet in the new VM’s availability zone. Alternatively, you can select a cloud network from the list.
-
Each network must have at least one subnet. If there is no subnet, create one by selecting Create subnet.
-
If you do not have a network, click Create network to create one:
- In the window that opens, enter the network name and select the folder to host the network.
- (Optional) Select the Create subnets option to automatically create subnets in all availability zones.
- Click Create network.
-
-
In the Public IP field, choose a method for assigning an IP address:
Auto
: Assign a random IP address from the Yandex Cloud IP address pool. In this case, you can enable DDoS protection using the option below.List
: Select a public IP address from the list of previously reserved static addresses. For more information, see Converting a dynamic public IP address to static.No address
: Do not assign a public IP address.
-
Select the appropriate security groups. If you leave this field empty, the default security group will be assigned to the VM.
-
Expand the Additional section and select a method for internal IP address assignment in the Internal IPv4 address field:
Auto
: Assign a random IP address from the pool of IP addresses available in the selected subnet.List
: Select a private IP address from the list of previously reserved IP addresses. Click Reserve to reserve a private IP address in the selected subnet if needed.- Enable the DDoS protection option, if needed. The option is available if you previously selected the automatic IP assignment method in the public address settings.
-
(Optional) Create records for the VM in the DNS zone:
- Expand the DNS settings for internal addresses section and click Add record.
- Specify the zone, FQDN, and TTL for the record. When setting the FQDN, you can select
Detect automatically
for the zone.
You can add multiple records to internal DNS zones. For more information, see Cloud DNS integration with Compute Cloud. - To create another record, click Add record.
If you want to attach an additional network interface to your VM, click Add network interface and repeat the settings from this step for the new interface. You can add up to eight network interfaces to a single VM.
-
-
Under Access, specify the data for access to the VM:
-
(Optional) Enable VM access via OS Login. The option is available for Linux images from Cloud Marketplace with
OS Login
in their names. -
Enter the username into the Login field.
Alert
Do not use
root
or other usernames reserved by the OS. To perform operations requiring superuser permissions, use thesudo
command. -
In the SSH key field, paste the contents of the public key file. You need to create a key pair for the SSH connection yourself. To learn how, see Connecting to a VM via SSH.
If you want to add several users with SSH keys to the VM at the same time, specify these users' data under Metadata. You can also use metadata to install additional software on a VM when creating it.
In public Linux images provided by Yandex Cloud, the functionality of connecting over SSH using login and password is disabled by default.
-
-
Under General information, specify the VM name:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
Note
The VM name is used to generate an internal FQDN only once: when creating a VM. If the internal FQDN is important to you, choose an appropriate name for the VM at the creation stage.
-
Under Additional:
-
(Optional) Select or create a service account. With a service account, you can flexibly configure access rights for your resources.
-
(Optional) Grant access to the serial console.
-
(Optional) Under Backup, enable Connect and select or create a backup policy to back up your VMs automatically using Cloud Backup.
For more information, see Connecting Compute Cloud VMs to Cloud Backup.
-
(Optional) Under Monitoring, enable the Agent for delivering metrics option to configuire delivery of metrics to Yandex Monitoring.
-
(Optional) Under Placement, select a VM placement group.
-
-
Click Create VM.
The VM appears in the list. Once created, the VM is assigned an IP address and a host name (FQDN).
Connect to the VM
You can connect to a VM with the RUNNING
status over SSH. Some time may be required to initialize all the services after the VM starts. If there is a connection error, retry after a few minutes.
VM security groups must allow incoming TCP traffic to port 22.
To connect, specify the VM's public IP address. You can find out the public IP address in the management console: on the VM page, go to the Network section and find the Public IPv4 address field. If you created a VM with an internal IP address only, bind it to a public IP address.
You can also use the internal IP addresses and FQDNs to establish an SSH connection between the VMs on a single cloud network in Yandex Cloud.
In the terminal, run this command:
ssh <username>@<VM_public_IP_address>
Where <username>
is the VM account username. If you created the VM via the CLI, yc-user
is the default user.
If you have multiple private keys, specify the one you need:
ssh -i <file_path/key_file_name> <username>@<VM_public_IP_address>
If this is your first time connecting to the VM, you will see an unknown host warning:
The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established.
ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes
in the terminal and press Enter.
Make sure that the Windows account has read privileges on the folder containing the keys.
To connect to the VM, execute the following command in the command line:
ssh <username>@<VM_public_IP_address>
Where <username>
is the VM account username. If you created the VM via the CLI, yc-user
is the default user.
If you have multiple private keys, specify the one you need:
ssh -i <key_path\key_file_name> <username>@<VM_public_IP_address>
If this is your first time connecting to the VM, you will see an unknown host warning:
The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established.
ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes
in the command line and press Enter.
Establish a connection using the PuTTY app:
- Run the Pageant application.
- Right-click the pageant icon in the task bar.
- In the context menu, select Add key.
- Select a PuTTY-generated private key in
.ppk
format. If a password is set for the key, enter it.
- Run PuTTY.
-
In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Set the port to
22
and connection type to SSH. -
In the tree on the left, select Connection → SSH → Auth.
-
Set the Allow agent forwarding option.
-
In the tree on the left, select Connection → SSH → Auth → Credentials.
-
In the Private key file for authentication field, select the file with the private key.
-
Go back to the Sessions menu. In the Saved sessions field, enter any session name and click Save. The session settings are saved under the specified name. You can use this session profile to connect using Pageant.
-
Click Open. If this is the first time you connect to a VM, you might see a warning about an unknown host:
Click Accept. A terminal window will open prompting you to enter the username of the user on whose behalf the connection is being established. Type the username that you specified when creating the VM and press Enter. If you created the VM via the CLI,
yc-user
is the default user.If all the settings are correct, the connection with the server will be established.
-
If you saved the session profile in PuTTY, you can use Pageant to establish a connection in the future:
- Right-click the pageant icon in the task bar.
- Select the Saved sessions menu item.
- In the saved sessions list, select the session you need.
For more information on how to solve connection issues, see FAQ.
Configure the serial console
Using the serial console, you can connect to a VM regardless of the network or OS state (for example, if there are loading or SSH access issues).
Make sure you configure access to the VM via the serial console in advance.
Delete the VM
If you no longer plan to use a virtual machine, delete it.