Working with a VM from a public image
Connecting to a VM
You can connect to a virtual machine via SSH using an SSH key pair, via OS Login, or using a serial console.
Connecting via SSH
This method for connecting to a virtual machine uses an SSH key pair: the public key resides on the VM, while the private one is kept by the user. Connecting with a key pair is more secure than with a username and password.
Note
SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.
Creating an SSH key pair
-
Open the terminal.
-
Use the
ssh-keygencommand to create a new key:ssh-keygen -t ed25519 -C "<optional_comment>"You can specify an empty string in the
-Cparameter to avoid adding a comment, or you may not specify the-Cparameter at all: in this case, a default comment will be added.After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the
.pubextension, while the private key, in a file without extension.By default, the command prompts you to save the key under the
id_ed25519name in the following directory:/home/<username>/.ssh. If there is already an SSH key namedid_ed25519in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.
If you do not have OpenSSH installed yet, follow this guide to install it.
-
Run
cmd.exeorpowershell.exe(make sure to update PowerShell before doing so). -
Use the
ssh-keygencommand to create a new key:ssh-keygen -t ed25519 -C "<optional_comment>"You can specify an empty string in the
-Cparameter to avoid adding a comment, or you may not specify the-Cparameter at all: in this case, a default comment will be added.After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the
.pubextension, while the private key, in a file without extension.By default, the command prompts you to save the key under the
id_ed25519name in the following directory:C:\Users\<username>/.ssh. If there is already an SSH key namedid_ed25519in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.
Create keys using the PuTTY app:
-
Download and install PuTTY.
-
Make sure the directory where you installed PuTTY is included in
PATH:- Right-click My computer. Click Properties.
- In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
- Under System variables, find
PATHand click Edit. - In the Variable value field, append the path to the directory where you installed PuTTY.
-
Launch the PuTTYgen app.
-
Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.
-
In Key passphrase, enter a strong password. Enter it again in the field below.
-
Click Save private key and save the private key. Do not share its key phrase with anyone.
-
Click Save public key and save the public key in the following file:
<key_name>.pub.
Connecting using an SSH key pair
After the VM starts (its status is RUNNING), you can connect to it over SSH. To do this, use ssh in Linux, macOS, and Windows 10/11, or PuTTY in Windows 7/8.
To connect, specify the VM address. This can be either its IP address or FQDN. You can also connect from another Yandex Cloud VM using FQDN if this VM is connected to the same virtual network. You can find out the IP address in the management console by going to the Network section on the VM's page.
Connecting via OS Login
OS Login is used to provide users with SSH access to VMs through IAM. To access a VM via OS Login, enable OS Login access at the organization level.
To connect to a VM via OS Login , users must have the compute.osLogin or compute.osAdminLogin role and the VM must support OS Login at the OS level. You can create a new virtual machine with OS Login support or configure access via OS Login for an existing VM.
To connect to a virtual machine via OS Login, specify the VM name or ID.
You cannot use an SSH key to connect to VMs with OS Login access enabled over a standard SSH client.
Pre-installed software passwords
In addition to operating system distributions, there are public images with pre-installed software available in Cloud Marketplace. To get passwords to configure the pre-installed software in such images:
-
Connect to the VM.
-
You can find the pre-installed software passwords in the
/root/default_passwords.txtfile. Only a superuser has read and write access to the file. Get a list of passwords using this command:sudo cat /root/default_passwords.txt
If a public VM image has no pre-installed software, there will be no passwords file provided.
Using SSL
To use SSL, generate an SSL certificate yourself and configure the web server to use it.
To create an SSL certificate, you can use Yandex Certificate Manager. You can export the certificate and use it on the web server.
Filtering network traffic
On public image-based VMs, only those ports are open which are required for the configuration and operation of the pre-installed software.
You can view a list of open ports for a particular VM when connecting to it using an SSH key pair. To open additional ports, use the iptables utility.
At the cloud network level, security groups are used to filter the network traffic. To allow specific traffic for a virtual machine at the network level, configure a security group and associate it with the VM.
Install updates
On public image-based VMs, the OS and software are not updated automatically. You can update them on your own.