Disabling access to a serial console

Written by

Yandex Cloud

Updated at March 17, 2026

Enabled serial console access poses a security risk as attackers could gain access to your VM.

To disable access to a serial console:

Management console

CLI

In the management console, select the folder this VM belongs to.
Go to Compute Cloud.
In the left-hand panel, select Virtual machines and click the name of the VM.
Click Edit VM.
Under Additional, disable Serial console access.
Click Save changes.

In the VM metadata, set serial-port-enable to 0.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.

Get a list of VMs in the default folder:

yc compute instance list

Result:

+----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

Select the ID or NAME of the VM, e.g., first-instance.
In the VM metadata, specify serial-port-enable=0:
```
yc compute instance add-metadata \
    --name first-instance \
    --metadata serial-port-enable=0
```
This command will disable the serial console access on the first-instance VM.

Disabling access to a serial console

Was the article helpful?