Disabling access to a serial console

Written by

Yandex Cloud

Updated at May 5, 2025

Enabled serial console access poses a security risk as attackers could gain access to your VM.

To disable access to a serial console:

Management console

CLI

In the management console, select the folder the VM belongs to.
Select Compute Cloud.
In the left-hand panel, select Virtual machines and click the name of the VM.
Click Edit VM.
Under Additional, disable Access to serial console.
Click Save changes.

In the VM metadata, set serial-port-enable to 0.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

Get a list of VMs in the default folder:

yc compute instance list

Result:

+----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

Select ID or NAME of the VM, e.g., first-instance.
In the VM metadata, specify serial-port-enable=0:
```
yc compute instance add-metadata \
    --name first-instance \
    --metadata serial-port-enable=0
```
This command will disable the serial console access on the first-instance VM.

Disabling access to a serial console

Was the article helpful?