Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Compute Cloud
    • All guides
      • Connecting to a VM via SSH
      • Exchanging files with VMs
      • Connecting to a VM via RDP
      • Connecting to a VM via PowerShell
      • Using Yandex Cloud from within a VM
      • Installing NVIDIA drivers
      • Recovering access to a VM
    • Viewing operations with resources
  • Yandex Container Solution
  • Access management
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Loss of VM user credentials
  • Change in the public part of an SSH key
  • SSH connection failure
  • Loss of an SSH key
  • VM failure to start
  1. Step-by-step guides
  2. Using a VM
  3. Recovering access to a VM

Recovering access to a VM

Written by
Yandex Cloud
Improved by
Joker1796
Updated at February 12, 2025
  • Loss of VM user credentials
  • Change in the public part of an SSH key
  • SSH connection failure
  • Loss of an SSH key
  • VM failure to start

You may need to recover access to a VM in the following cases:

  • Loss of VM user credentials.
  • Change in the public part of an SSH key.
  • SSH connection failure.
  • VM failure to start.

Loss of VM user credentialsLoss of VM user credentials

If you lost your private SSH key for Linux or your Windows user password:

  1. Create a disk snapshot for the VM you want to recover access to.

  2. If you find it important to keep the public IP address used by the current VM, make this IP address static.

  3. Stop the VM and unlink the public IP address from it.

  4. Create a new VM with the disk from the snapshot by specifying this disk as the boot disk. When creating a VM, enter your new credentials under Access.

    If you had previously made the VM's public IP address static, use that IP address as the public IP address of the new VM:

    Management console
    CLI
    Terraform

    In the Public IP address field, select the List address assignment method and select the previously reserved IP from the list that opens.

    In the yc compute instance create command, provide the previously reserved IP address in the nat-address field of the --network-interface parameter. Here is an example:

    yc compute instance create \
      ...
      --network-interface subnet-name=subnet-b,nat-ip-version=ipv4,nat-address=111.112.13.14 \
      ...
    

    For more information about the yc compute instance create command, see the CLI reference.

    In the network_interface section of the yandex_compute_disk resource, specify the previously reserved IP address in the nat_ip_address parameter. Here is an example:

    network_interface {
      subnet_id      = "e2lqsms4cdl3********"
      nat            = true
      nat_ip_address = "111.112.13.14"
    }
    

    For more information about the yandex_compute_disk resource, see the relevant provider documentation.

  5. Connect to the VM via SSH or RDP using the new credentials.

  6. Once you know that the new VM is up and running, delete the old VM and the disk snapshot.

    If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.

If the 'cloud-init' or network configuration was changed for the VM, the described method may not work. In this case, see VM failure to start.

Change in the public part of an SSH keyChange in the public part of an SSH key

You may encounter problems when accessing a Linux VM over SSH if the public part of your SSH key was changed or deleted on that VM.

You can recover access to a Linux VM over SSH using the serial console if you have a valid pair of SSH keys.

If you cannot access the serial console, follow these steps to recover the public part of your SSH key:

  1. Stop the VM.

  2. Take a snaphost of the VM boot disk.

  3. Create an auxiliary Linux VM. Under Boot disk image, select the OS for the boot disk. To attach a data disk to an auxiliary VM, select the previously created snapshot under Disks and file storages.

  4. Connect over SSH to the auxiliary VM and mount the disk you created from the snapshot.

  5. Replace the SSH key stored on this disk with a valid one:

    1. Go to the folder containing the public part of the SSH key in the mounted partition. Here is an example:

      cd /mnt/home/<username>/.ssh
      

      By default, user SSH keys are stored in the user's ~/.ssh folder.

    2. Open the authorized_keys file, e.g., using the nano text editor:

      nano authorized_keys
      

      If the file is missing, this command will create it.

    3. Replace the file contents with the public part of the valid SSH key pair.

  6. Unmount the disk with the fixed SSH key from the VM:

    sudo umount /mnt
    
  7. Stop the auxiliary VM and detach the disk with the fixed SSH key from it.

  8. Create a new VM. Under Boot disk image, go to the Custom tab and select the disk with the fixed SSH key as the boot disk.

    Note

    Make sure the new VM and the disk with the fixed SSH key are in the same availability zone.

  9. Connect to the new VM via SSH.

  10. Delete the disk snapshot and delete the auxiliary and old VMs.

    If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.

SSH connection failureSSH connection failure

The problem may occur due to an error in the SSH, security group, or network settings. To recover access, connect to the VM using the serial console and adjust the settings as appropriate.

Linux

Note

You can only use the serial console if a user password has been set; otherwise, see VM failure to start.

  1. Enable access to the VM serial console.
  2. Connect to the VM serial console.
  3. Change the SSH or network settings. If you have security groups configured, make sure their rules allow incoming TCP traffic on port 22.
  4. Connect to the VM via SSH.

Loss of an SSH keyLoss of an SSH key

If you set a user password, configure the VM serial console and connect to it. We recommend connecting through the CLI.

If no user password is set, take a snapshot of the VM's disk and create a new VM from the snapshot.

If the problem persists:

  1. Create a new disk from the VM snapshot.
  2. Attach it as a secondary disk to a different VM.
  3. Change the root directory with chroot.
  4. Modify configuration files that affect VM accessibility, e.g., set a new password for the user using the sudo passwd <username> command.
  5. Detach the disk from the VM.
  6. Create a new VM. Under Image/boot disk selection, go to the Custom tab and select your disk as the boot disk.
  7. After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.

VM failure to startVM failure to start

If a VM fails to start, follow these steps to get access to the disk data:

  1. Create a disk snapshot for the VM you want to recover access to.
  2. Create a disk from the snapshot. When creating a disk, select Snapshot in the Contents field and specify the snapshot you created.
  3. Attach the disk as secondary to the auxiliary VM.
  4. Modify the configuration files affecting the VM startup or copy essential data.
  5. Detach the disk from the auxiliary VM.
  6. If you troubleshot the issue preventing your VM from starting, create a new VM. When creating a VM, go to the Boot disk image tab under Custom and select the fixed disk as the boot disk.
  7. After restoring access to the VM, do not forget to delete unused resources: VMs, disks, and disk snapshots. If you do not delete them, they will remain billable, and Yandex Cloud will continue to charge for them.

Was the article helpful?

Previous
Installing NVIDIA drivers
Next
Testing the agent
© 2025 Direct Cursus Technology L.L.C.