Connecting to a VM's serial console via CLI
After enabling access, you can connect to the serial console to work with the VM.
Warning
Assess the risk of enabling access via the serial console considering the following:
-
The user will be able to manage the VM from the internet even if there is no external IP address.
To access the VM serial console from the Yandex.Cloud management console, the user must be authenticated in the Yandex.Cloud management console and have the proper rights to the VM. The user can also access the VM serial console from an SSH client application (such as PuTTY) or the YC CLI via SSH key authentication. In this regard, to reduce the risk of web session hijacking, the user needs to carefully monitor the SSH key and end the web session.
-
The session will be simultaneously shared by all users who have access to the serial console.
Users will be able to see each other's actions when they're watching the serial console's output.
-
A valid session can be exploited by another user.
We recommend using the serial console only when absolutely necessary, grant access to a narrow group of people, and use strong VM passwords.
Make sure you disable access when you finish working with the serial console.
Federated users can only connect to the serial console using the CLI or SSH. These users can't access the serial console from the Yandex.Cloud management console.
Connecting to the serial console
Note
How the serial console works depends on the operating system settings. Compute Cloud provides a communication channel between the user and COM port on the VM, but it doesn't guarantee that the console works properly on the operating system.
To connect to the serial console, use the CLI.
If you don't have the Yandex.Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
-
View the description of the CLI command for connecting to the serial console:
$ yc compute connect-to-serial-port --help -
Get a list of VMs in the default folder:
$ yc compute instance list +----------------------+-----------------+---------------+---------+----------------------+ | ID | NAME | ZONE ID | STATUS | DESCRIPTION | +----------------------+-----------------+---------------+---------+----------------------+ | fhm0b28lgfp4tkoa3jl6 | first-instance | ru-central1-a | RUNNING | my first vm via CLI | | fhm9gk85nj7gcoji2f8s | second-instance | ru-central1-a | RUNNING | my second vm via CLI | +----------------------+-----------------+---------------+---------+----------------------+ -
Select the VM
IDorNAME(for example,first-instance). -
Connect to the Linux serial console:
$ yc compute connect-to-serial-port \ --instance-name first-instance \ --ssh-key ~/.ssh/id_rsaOr to Windows SAC:
$ yc compute connect-to-serial-port \ --instance-name first-instance \ --port 2Parameter Value instance-nameRequired parameter. Name of the instance. userOptional parameter. Username. If this parameter is omitted, the default yc-useruser will be used. Theyc-useruser is generated automatically when the VM is being created. Learn more in Creating a VM from a public Linux image.portOptional parameter. Port number to connect to the serial console. The default value is 1. You don't need to specify this parameter to connect to the Linux serial console. When connecting to the Windows serial console (SAC), pass the value 2. ssh-keyOptional parameter. Path to the private key for SSH access to the Linux VM to be added to the metadata. If this parameter is omitted, the yc_serialssh_keySSH key is generated.
Troubleshooting
- If you connect to the serial console and nothing appears on the screen:
- Press
Enter. - Restart the VM (for virtual machines created before February 22).
- Press
- If the system requests user data to provide access to the VM, enter the login and password.
Disconnecting from the serial console
To disconnect from the serial console:
- Press
Enter. - Enter the following characters in order:
~..