Working with a VM based on a public image

Connecting via SSH

The recommended method for connecting to a virtual machine over SSH is based on using a key pair: the public key is placed on the virtual machine, and the private key is stored on the user's device. Connecting with a key pair is more secure than connecting with a username and password.

Note

SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex.Cloud.

Creating an SSH key pair

Prepare the keys for use with your virtual machines. To do this:

  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    $ ssh-keygen -t rsa -b 2048
    

    After the command runs, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the ~/.ssh directory.

    The public part of the key will be saved in a file with the name <key name>.pub. Copy the key string to the public key field when creating a new virtual machine via the management console.

  1. Run cmd.exe or powershell.exe.

  2. Use the ssh-keygen command to create a new key. Run the command:

    $ ssh-keygen -t rsa -b 2048
    

    After the command runs, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the C:\Users\<user name>\.ssh\ directory.

    The public part of the key will be saved in a file with the name <key name>.pub. Open the file using Notepad or another text editor and copy the key string to the public key field when creating a new virtual machine via the management console.

To create keys for Windows, use the PuTTY application.

  1. Download and install PuTTY.

  2. Make sure that the directory where you installed PuTTY is included in PATH:

    1. Right-click on My computer. Click Properties.
    2. In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
    3. Under System variables, find PATH and click Edit.
    4. In the Variable value field, append the path to the directory where you installed PuTTY.
  3. Launch the PuTTYgen app.

  4. Select RSA for the type of pair to generate and set the length to 2048. Click Generate and move the cursor in the field above it until key creation is complete.

  5. In the Key passphrase field, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Never share it with anyone and do not tell anyone the passphrase for it.

  7. Save the public key in a text file as a single line. To do this, copy the public key from the text field to a text file with the name id_rsa.pub.

  8. When creating a virtual machine via the management console, specify the public key. To do this, open the id_rsa.pub file in Notepad and copy the key value to the SSH key field.
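Before a public key is pasted into the SSH key field, it can be checked locally. The following is an added example, not part of the original documentation: a Python check that the text is a single-line ssh-rsa public key of at least 2048 bits and is not a private key file. The function names and the sample key built by make_sample_line are assumptions constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # key length used in the steps above


def _field(buf, off):
    """Read one length-prefixed field of the SSH wire format (RFC 4251)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key body")
    (size,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated key body")
    return buf[off + 4:end], end


def check_public_key(text):
    """Return (type, bits) for a one-line OpenSSH RSA public key, else raise ValueError."""
    text = text.strip()
    if "PRIVATE KEY" in text or text.startswith("PuTTY-User-Key-File"):
        raise ValueError("this is a private key file; never paste it anywhere")
    if len(text.splitlines()) != 1:
        raise ValueError("public key must be a single line")
    parts = text.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, body = parts[0], parts[1]
    blob = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    inner_type, off = _field(blob, 0)
    if key_type != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _exponent, off = _field(blob, off)
    modulus, off = _field(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        raise ValueError(f"RSA modulus is {bits} bits, need {MIN_RSA_BITS}")
    return key_type, bits


def make_sample_line(bits):
    """Constructed sample: well-formed body with an arbitrary modulus, not a usable key."""
    def pack(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"


if __name__ == "__main__":
    print(check_public_key(make_sample_line(2048)))
```

To check a real key, pass the contents of the id_rsa.pub file to check_public_key.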

Connecting to a VM

You can connect to a VM using the SSH protocol when it is running (the VM's status is RUNNING). You can use the ssh tool in Linux and macOS or PuTTY for Windows.

To connect, you have to specify the address of the VM. This can be its IP address or the FQDN. Access via FQDN is possible from another Yandex.Cloud VM, if it is connected to the same virtual network. You can find out the IP address in the management console. Go to the Network section on the virtual machine's page.

Connecting using your login and password

You can connect to a VM with your login and password when it is started.

Note

SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex.Cloud.

To get logins and passwords for VMs based on public images, use the following command:

$ sudo cat /root/default_passwords.txt

If password authentication is not supported, there won't be a file with passwords.

Using SSL

To use SSL, generate an SSL certificate yourself and configure the web server to work with it.

Filtering network traffic

On public image-based VMs, the only open ports are those required for the configuration and operation of the pre-installed software.

You can view a list of open ports for a particular VM when connecting to it via SSH. To open additional ports, use the iptables utility.

Installing updates

On public image-based VMs, the OS and software are not updated automatically. You can update them on your own.