Creating a Linux VM

Written by

Yandex Cloud

Improved by

Grig A.

Updated at October 30, 2024

Getting started
Create a VM
Connect to the VM
Configure the serial console
Delete the VM
What's next

Create a Linux VM using Compute Cloud from the Yandex Cloud management console and connect to it.

Getting started

To get started in Yandex Cloud:

Log in to the management console. If you are not signed up yet, navigate to the management console and follow the instructions.
In Yandex Cloud Billing, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not yet have a billing account, create one.
If you do not have a directory yet, create one.
If you do not have an SSH key pair yet, create one.

Create a VM

In the management console, select the folder to create your VM in.
In the list of services, select Compute Cloud.
In the left-hand panel, select Virtual machines.
Click Create virtual machine.
Under Boot disk image, select an image and a Linux-based OS version.

To create a VM instance from an existing boot disk, go to the Custom tab and select the boot disk you need. To update its settings, click next to the disk name.
Under Location, select an availability zone to place your VM in.
(Optional) Configure the boot disk in the Disks and file storages section:
- Select the disk type.
- Specify the required disk size.
- (Optional) To encrypt a boot disk or a secondary disk, under Disks and file storages, click to the right of the disk name and set encryption parameters for the disk:
  - Select Encrypted disk.
  - In the KMS key field, select the key to encrypt the disk with. To create a new key, click Create new key.
  - In the Service account field, select a service account with the kms.keys.encrypterDecrypter role for the specified key. To create a service account, click Create new account.
  The encryption feature in Compute Cloud is currently at the Preview stage. To access it, open the resource creation page and click Request access under Encryption or contact support.
  
  If you deactivate the key used to encrypt a disk or snapshot, access to the data will be suspended until you reactivate the key.
  
  Alert
  
  If you destroy the key or its version used to encrypt a disk or snapshot, access to the data will be irrevocably lost. Learn more in Destroying key versions.
  
  If you are creating a VM instance from an existing boot disk, update the settings of that disk in the Custom tab under Boot disk image at the top of the form.
(Optional) Add a secondary disk:
- Under Disks and file storages, click Add
- In the window that opens, select Disk. You can select an existing disk or create a new one, either empty or from a snapshot / image.
  
  For example, to create a new empty disk:
  - Select Create new.
  - In the Contents field, select Empty.
  - Specify the disk name.
  - Select the disk type.
  - Specify the required disk size and block size.
  - (Optional) Enable the Additional option in the Delete along with the virtual machine field if you need to automatically delete this disk when deleting the VM.
  - Click Add disk.
(Optional) Connect a file storage:
- Under Disks and file storages, click Add.
  - In the window that opens, select File storage and select the storage you want to connect from the list.
    
    If you do not have any file storages, click Create file storage to create a new one.
  - Click Add file storage.
Under Computing resources, select a preset configuration or create a new one. To create a configuration:
- Go to the Custom tab.
- Choose a platform.
- Specify the guaranteed share and required number of vCPUs, as well as RAM size.
- Enable a software-accelerated network if needed.
- If required, make your VM preemptible.
Under Network settings:
- In the Subnet field, enter the ID of a subnet in the new VM’s availability zone. Alternatively, you can select a cloud network from the list.
  - Each network must have at least one subnet. If there is no subnet, create one by selecting Create subnet.
  - If you do not have a network, click Create network to create one:
    - In the window that opens, enter the network name and select the folder to host the network.
    - (Optional) Select the Create subnets option to automatically create subnets in all availability zones.
    - Click Create network.
- In the Public IP field, choose a method for assigning an IP address:
  - Auto: Assign a random IP address from the Yandex Cloud IP address pool. In this case, you can enable DDoS protection using the option below.
  - List: Select a public IP address from the list of previously reserved static addresses. For more information, see Converting a dynamic public IP address to static.
  - No address: Do not assign a public IP address.
- Select the appropriate security groups. If you leave this field empty, the default security group will be assigned to the VM.
- Expand the Additional section and select a method for internal IP address assignment in the Internal IPv4 address field:
  - Auto: Assign a random IP address from the pool of IP addresses available in the selected subnet.
  - List: Select a private IP address from the list of previously reserved IP addresses. Click Reserve to reserve a private IP address in the selected subnet if needed.
  - Enable the DDoS protection option, if needed. The option is available if you previously selected the automatic IP assignment method in the public address settings.
- (Optional) Create records for the VM in the DNS zone:
  - Expand the DNS settings for internal addresses section and click Add record.
  - Specify the zone, FQDN, and TTL for the record. When setting the FQDN, you can select Detect automatically for the zone.
    You can add multiple records to internal DNS zones. For more information, see Cloud DNS integration with Compute Cloud.
  - To create another record, click Add record.
If you want to attach an additional network interface to your VM, click Add network interface and repeat the settings from this step for the new interface. You can add up to eight network interfaces to a single VM.
Under Access, specify the data for access to the VM:
- (Optional) Enable VM access via OS Login. The option is available for Linux images from Cloud Marketplace with OS Login in their names.
- Enter the username into the Login field.
  
  Alert
  
  Do not use root or other usernames reserved by the OS. To perform operations requiring superuser permissions, use the sudo command.
- In the SSH key field, paste the contents of the public key file. You need to create a key pair for the SSH connection yourself. To learn how, see Connecting to a VM via SSH.
If you want to add several users with SSH keys to the VM at the same time, specify these users' data under Metadata. You can also use metadata to install additional software on a VM when creating it.

In public Linux images provided by Yandex Cloud, the functionality of connecting over SSH using login and password is disabled by default.
Under General information, specify the VM name:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
Note

The VM name is used to generate an internal FQDN only once: when creating a VM. If the internal FQDN is important to you, choose an appropriate name for the VM at the creation stage.
Under Additional:
- (Optional) Select or create a service account. With a service account, you can flexibly configure access rights for your resources.
- (Optional) Grant access to the serial console.
- (Optional) Under Backup, enable Connect and select or create a backup policy to back up your VMs automatically using Cloud Backup.
  
  For more information, see Connecting Compute Cloud VMs to Cloud Backup.
- (Optional) Under Monitoring, enable the Agent for delivering metrics option to configuire delivery of metrics to Yandex Monitoring.
- (Optional) Under Placement, select a VM placement group.
Click Create VM.

The VM appears in the list. Once created, the VM is assigned an IP address and a host name (FQDN).

Connect to the VM

You can connect to a VM with the RUNNING status over SSH. Some time may be required to initialize all the services after the VM starts. If there is a connection error, retry after a few minutes.

VM security groups must allow incoming TCP traffic to port 22.

To connect, specify the VM's public IP address. You can find out the public IP address in the management console: on the VM page, go to the Network section and find the Public IPv4 address field. If you created a VM with an internal IP address only, bind it to a public IP address.

You can also use the internal IP addresses and FQDNs to establish an SSH connection between the VMs on a single cloud network in Yandex Cloud.

Linux/macOS

Windows 10/11

Windows 7/8

In the terminal, run this command:

ssh <username>@<VM_public_IP_address>

Where <username> is the VM account username. If you created the VM via the CLI, yc-user is the default user.

If you have multiple private keys, specify the one you need:

ssh -i <file_path/key_file_name> <username>@<VM_public_IP_address>

If this is your first time connecting to the VM, you will see an unknown host warning:

The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established.
ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes in the terminal and press Enter.

Make sure that the Windows account has read privileges on the folder containing the keys.

To connect to the VM, execute the following command in the command line:

ssh <username>@<VM_public_IP_address>

Where <username> is the VM account username. If you created the VM via the CLI, yc-user is the default user.

If you have multiple private keys, specify the one you need:

ssh -i <key_path\key_file_name> <username>@<VM_public_IP_address>

If this is your first time connecting to the VM, you will see an unknown host warning:

The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established.
ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes in the command line and press Enter.

Establish a connection using the PuTTY app:

Run the Pageant application.
1. Right-click the pageant icon in the task bar.
2. In the context menu, select Add key.
3. Select a PuTTY-generated private key in .ppk format. If a password is set for the key, enter it.
Run PuTTY.
1. In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Set the port to 22 and connection type to SSH.
2. In the tree on the left, select Connection → SSH → Auth.
3. Set the Allow agent forwarding option.
4. In the tree on the left, select Connection → SSH → Auth → Credentials.
5. In the Private key file for authentication field, select the file with the private key.
6. Go back to the Sessions menu. In the Saved sessions field, enter any session name and click Save. The session settings are saved under the specified name. You can use this session profile to connect using Pageant.
7. Click Open. If this is the first time you connect to a VM, you might see a warning about an unknown host:
  
  Click Accept. A terminal window will open prompting you to enter the username of the user on whose behalf the connection is being established. Type the username that you specified when creating the VM and press Enter. If you created the VM via the CLI, yc-user is the default user.
  
  If all the settings are correct, the connection with the server will be established.