Disabling access to the serial console

Written by

Yandex Cloud

Updated at May 15, 2024

Serial console access is not secure, so enabling it might allow hackers to access your VM.

To disable access to the serial console:

Management console

CLI

In the management console, select the folder the VM belongs to.
Select Compute Cloud.
In the left-hand panel, select Virtual machines and click the name of the VM you need.
Click Edit VM.
Under Additional, disable the Access to serial console option.
Click Save changes.

Set the serial-port-enable parameter in the virtual machine metadata to 0.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Get a list of VMs in the default folder:

yc compute instance list

Result:

+----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

Select the ID or NAME of the VM, e.g., first-instance.
Set the serial-port-enable=0 parameter in the VM metadata:
```
yc compute instance add-metadata \
  --name first-instance \
  --metadata serial-port-enable=0
```
This command will start the operation to deactivate the serial console on the VM named first-instance.

Disabling access to the serial console

Was the article helpful?