Connecting to a Linux VM via SSH

The recommended method for connecting to a virtual machine over SSH is based on using a key pair: the public key is placed on the virtual machine, and the private key is stored on the user's device. Connecting with a key pair is more secure than connecting with a username and password.

Note

In public Linux images provided by Yandex.Cloud, the functionality of connecting over SSH using login and password is disabled by default.

Creating an SSH key pair

Prepare the keys for use with your virtual machines. To do this:

  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    $ ssh-keygen -t rsa -b 2048
    

    After the command runs, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the ~/.ssh directory.

    The public part of the key will be saved in a file with the name <key name>.pub. Copy the key string to the public key field when creating a new virtual machine via the management console.

  1. Run cmd.exe or powershell.exe.

  2. Use the ssh-keygen command to create a new key. Run the command:

    $ ssh-keygen -t rsa -b 2048
    

    After the command runs, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the C:\Users\\.ssh\ directory.

    The public part of the key will be saved in a file with the name <key name>.pub. Open the file using Notepad or another text editor and copy the key string to the public key field when creating a new virtual machine via the management console.

To create keys for Windows, use the PuTTY application.

  1. Download and install PuTTY.

  2. Make sure that the directory where you installed PuTTY is included in PATH:

    1. Right-click on My computer. Click Properties.
    2. In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
    3. Under System variables, find PATH and click Edit.
    4. In the Variable value field, append the path to the directory where you installed PuTTY.
  3. Launch the PuTTYgen app.

  4. Select RSA for the type of pair to generate and set the length to 2048. Click Generate and move the mouse in the field above it until the key creation is complete.

  5. In the Key passphrase field, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Never share it with anyone and do not tell anyone the passphrase for it.

  7. Save the public key from the text field in a text file with the name id_rsa.pub. The key will be saved in a single line in this file. Open the file using Notepad or another text editor and copy the key string to the public key field when creating a new virtual machine via the management console.

Connecting to a VM

You can connect to a VM using the SSH protocol when it is running (the VM's status is RUNNING). You can use the ssh tool on Linux and macOS or PuTTY for Windows.

To connect to the VM, specify its public address. You can find out the public IP address in the management console. Go to the VM's page, find the Network section, and see the Public IPv4 field. If you created a VM with only an internal address, you need to create a new VM with a public address to make it accessible through the internet.

You can also use the internal IP addresses and FQDNs to establish an SSH connection between the VMs within a single cloud network of Yandex.Cloud.

In the terminal, run the following command:

$ ssh <user_name>@<VM_public_IP_address>

If this is the first time you connect to a VM, you might see a warning about an unknown host:

The authenticity of host '130.193.40.101 (130.193.40.101)' can't be established.
ECDSA key fingerprint is SHA256:PoaSwqxRc8g6iOXtiH7ayGHpSN0MXwUfWHkGgpLELJ8.
Are you sure you want to continue connecting (yes/no)?

Type yes in the terminal and press Enter.

In Windows, a connection is established using the PuTTY app.

  1. Run the Pageant app.
    1. Right-click on the Pageant icon in the task bar.
    2. In the context menu, select Add key.
    3. Select a PuTTY-generated private key in the .ppk format. If a password is set for the key, enter it.
  2. Run the PuTTY app.
    1. In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Specify port 22 and SSH as the connection type.

    2. In the tree on the left, select Connection - SSH - Auth.

    3. Set the Allow agent forwarding option.

    4. In the Private key file for authentication field, select the file with the private key.

    5. Go back to the Sessions menu. In the Saved sessions field, enter any session name and click Save. The session settings are saved under the specified name. You can use this session profile to connect to VMs using Pageant.

    6. Click Open. If this is the first time you connect to a VM, you might see a warning about an unknown host.

      Click Yes. A terminal window opens suggesting that you enter the login of the user on whose behalf the connection is being established. Type the user name that you specified when creating the VM and press Enter. If everything is configured correctly, the connection with the server will be established.

If you saved the session profile in PuTTY, you can use Pageant to establish a connection in the future:

  1. Right-click on the Pageant icon in the task bar.
  2. Select the Saved sessions menu item.
  3. In the saved sessions list, select the necessary session.

Adding SSH keys for other users

You can add SSH keys for another user of the VM. To do this, create a new user and add a file with the authorized keys for this user.

  1. Log in to the VM under the username that you specified when creating the VM in the management console.

  2. Create a new user and specify the bash shell to be used by default for this user:

    $ sudo useradd -m -d /home/testuser -s /bin/bash testuser
    
  3. Switch to the new user:

    $ sudo su - testuser
    
  4. Create the .ssh folder in the new user's home directory:

    $ mkdir .ssh
    
  5. In the .ssh folder, create the authorized_keys file:

    $ touch .ssh/authorized_keys
    
  6. Add the new user's public key to the authorized_keys file:

    $ echo "ssh-rsa <public_key>" > /home/testuser/.ssh/authorized_keys
    
  7. Disconnect from the VM.

  8. Make sure you have access to the VM by connecting to it under the new user's name:

    $ ssh testuser@<VM-public-IP-address>
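
Steps 4 to 6 above, as an added shell example that is not part of the original documentation: the hypothetical helper install_pubkey creates .ssh and authorized_keys with owner-only permissions, rejects input that is not a single plain public key line, and appends the key instead of overwriting the file. It assumes you run it as the new user (after step 3); the list of accepted key types is a choice made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey is a hypothetical
# helper; run it as the new user (after step 3), for example:
#   install_pubkey "$HOME" "ssh-rsa <public_key> comment"

# install_pubkey <home_dir> <public_key_line>
# The body is a subshell, so umask and variables do not leak into the caller.
install_pubkey() (
    home_dir=$1
    key_line=$2
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # Expect one line of the form "<type> <base64 blob> [comment]".
    case $key_line in
        *"$nl"*) echo "rejected: more than one line" >&2; exit 1 ;;
    esac
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    # Plain key lines only; lines that start with options are rejected.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unexpected key type" >&2; exit 1 ;;
    esac
    # A public key blob is base64 and starts with AAAA (4-byte length prefix).
    case $key_blob in
        *[!A-Za-z0-9+/=]*) echo "rejected: blob is not base64" >&2; exit 1 ;;
        AAAA?*) ;;
        *) echo "rejected: not a public key blob" >&2; exit 1 ;;
    esac

    umask 077                          # files created below are owner-only
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1     # also tightens an existing directory
    touch "$auth_file" || exit 1
    chmod 600 "$auth_file" || exit 1

    # Append (">" would drop keys already in the file); skip a key that is
    # already present, even under a different comment.
    if grep -qF -- "$key_blob" "$auth_file"; then
        exit 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
)
```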