© 2023 Yandex.Cloud LLC

Getting started with the serial console

Written by
Yandex Cloud
  • Before you begin
  • Enabling the console when creating a VM from a public image
  • Enabling the console when updating a VM
  • Configuring a VM for serial port access
    • Linux

The serial console allows you to access a VM regardless of the network or OS status. For example, you can use the console for troubleshooting VM issues or when there are problems with SSH access.

Serial console access is disabled by default.

Warning

Assess the risk of enabling access via the serial console considering the following:

  • The user will be able to manage the VM from the internet even if there is no external IP address.

    To access the VM serial console from the Yandex Cloud management console, the user must be authenticated in the management console and have the proper rights to the VM. The user can also access the VM serial console from an SSH client application (such as PuTTY) or the YC CLI via SSH key authentication. For this reason, to reduce the risk of web session hijacking, the user needs to carefully monitor the SSH key and end the web session.

  • The session will be simultaneously shared by all users who have access to the serial console.

    Users will be able to see each other's actions when they're watching the serial console's output.

  • A valid session can be exploited by another user.

We recommend using the serial console only when absolutely necessary, granting access to a narrow group of people, and using strong VM passwords.
Make sure you disable access when you finish working with the serial console.

Federated users can only connect to the serial console using the CLI or SSH. These users can't access the serial console from the Yandex Cloud management console.

Before you begin

Before you enable serial console access on a VM:

  1. Prepare the key pair (public and private keys) for SSH access to the VM. The serial console authenticates users via SSH keys.

  2. Create a text file (for example, sshkeys.txt) and specify the following:

    <username>:<user's public SSH key>
    

    Example of a text file for yc-user:

    yc-user:ssh-rsa AAAAB3Nza......OjbSMRX yc-user@example.com
    

    By default, a user's SSH keys are stored in the ~/.ssh directory of this user. You can get a public key by running cat ~/.ssh/<public key name>.pub.
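
One way to catch a malformed key file before it is uploaded as metadata, shown as an added example that is not part of the Yandex Cloud documentation. The function names and the username pattern are assumptions; the check confirms that each line follows `<username>:<public SSH key>` and that the base64 key data really decodes as the declared key type.

```shell
#!/bin/sh
# Added example: lint an ssh-keys metadata file before passing it to
# --metadata-from-file. Expected line format: <username>:<public SSH key>
# Function names are hypothetical.

# Print the key type stored inside a base64 OpenSSH public-key blob.
# The decoded blob starts with a 4-byte big-endian length, then the type name.
blob_key_type() {
    blob=$1
    set -- $(printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -tu1 -N4)
    [ "$#" -eq 4 ] && [ "$1$2$3" = "000" ] || return 1
    printf '%s' "$blob" | base64 -d 2>/dev/null | tail -c +5 | head -c "$4"
}

# Lint file $1: print one finding per bad line, return 1 if any was found.
lint_sshkeys() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        user=${line%%:*}
        set -f; set -- ${line#*:}; set +f     # words after the first ':'
        ktype=${1:-} blob=${2:-}
        case $line in
            *"PRIVATE KEY"*) msg="private key material" ;;
            *:*)             msg="" ;;
            *)               msg="missing <username>: prefix" ;;
        esac
        if [ -z "$msg" ]; then
            # Assumption: usernames follow the usual Linux login-name pattern.
            if ! printf '%s' "$user" | grep -Eq '^[a-z_][a-z0-9_-]*$'; then
                msg="bad username '$user'"
            elif [ -z "$blob" ]; then
                msg="no key data"
            elif [ "$(blob_key_type "$blob")" != "$ktype" ]; then
                msg="key data does not decode as $ktype"
            fi
        fi
        if [ -n "$msg" ]; then echo "line $n: $msg"; bad=1; fi
    done < "$1"
    return "$bad"
}

# Usage: sh this_script.sh sshkeys.txt
if [ "$#" -gt 0 ]; then
    lint_sshkeys "$1"
fi
```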

Enabling the console when creating a VM from a public image

To enable access to the serial console when creating a VM, set the serial-port-enable parameter in the metadata to 1.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Linux
  1. View the description of the CLI command for creating a VM:

    yc compute instance create --help
    
  2. Select a public image based on a Linux OS (such as Ubuntu).

    To get a list of available images, run the following command:

    yc compute image list --folder-id standard-images
    

    Result:

    +----------------------+-------------------------------------+--------------------------+----------------------+--------+
    |          ID          |                NAME                 |          FAMILY          |     PRODUCT IDS      | STATUS |
    +----------------------+-------------------------------------+--------------------------+----------------------+--------+
    ...
    | fdvk34al8k5nltb58shr | centos-7-1549279494                 | centos-7                 | dqni65lfhvv2den5gtv9 | READY  |
    | fdv7ooobjfl3ts9gqp0q | windows-2016-gvlk-1548913814        | windows-2016-gvlk        | dqnnc72gj2ist3ktjj1p | READY  |
    | fdv4f5kv5cvf3ohu4flt | ubuntu-1604-lts-1549457823          | ubuntu-1604-lts          | dqnnb6dc7640c5i968ro | READY  |
    ...
    +----------------------+-------------------------------------+--------------------------+----------------------+--------+
    
  3. Create a VM in the default folder:

    yc compute instance create \
      --name first-instance \
      --zone ru-central1-a \
      --network-interface subnet-name=default-a,nat-ip-version=ipv4 \
      --create-boot-disk image-folder-id=standard-images,image-family=ubuntu-1604-lts \
      --metadata-from-file ssh-keys=sshkeys.txt \
      --metadata serial-port-enable=1
    

    This command will create a VM:

    • With Ubuntu.
    • Named first-instance.
    • In the ru-central1-a zone.
    • With the serial console active.

    A user named yc-user will be automatically created in the VM's OS with the specified public key.

Enabling the console when updating a VM

To enable access to the serial console when updating a VM, set the serial-port-enable parameter in the metadata to 1.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Get a list of VMs in the default folder:

    yc compute instance list

    Result:

    +----------------------+-----------------+---------------+---------+----------------------+
    |          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
    +----------------------+-----------------+---------------+---------+----------------------+
    | fhm0b28lgfp4tkoa3jl6 | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
    | fhm9gk85nj7gcoji2f8s | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
    +----------------------+-----------------+---------------+---------+----------------------+
    
  2. Select the VM ID or NAME (for example, first-instance).

  3. Set serial-port-enable=1 in the VM metadata:

    yc compute instance add-metadata \
      --name first-instance \
      --metadata-from-file ssh-keys=sshkeys.txt \
      --metadata serial-port-enable=1
    

    The command will start activating the serial console on the VM named first-instance.

Configuring a VM for serial port access

To configure access via the serial console, a virtual machine must have a public IP address. You can look up the address in the management console in the Compute Cloud section on the Virtual machines page. If you created a virtual machine without a public IP address, you can assign it one. Once the configuration is complete, you can release the address. You do not need it for connections via the serial console.

For the serial console to be available from the OS, the OS must be configured properly:

  • Linux

Linux

To connect to the Linux serial console, make sure that password authentication is disabled for SSH and set a password for the appropriate OS user, if necessary.

Disable SSH password authentication

Note

SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.

If you use your own image, make sure that SSH access with your username and password is disabled.

To disable SSH password authentication:

  1. Open the configuration file on the SSH server (/etc/ssh/sshd_config by default). Only a superuser has read and write access to the file.

  2. Set the PasswordAuthentication option to no.

  3. Restart the SSH server:

    sudo systemctl restart ssh
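
sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` line in the main file has no effect if a file pulled in earlier through `Include` already set it, and a `Match` block can switch password logins back on for some users. The following added example (not part of the Yandex Cloud documentation; the function names are hypothetical and `Match` handling is simplified) resolves the value from a config file and lists such exceptions.

```shell
#!/bin/sh
# Added example: which PasswordAuthentication value would sshd actually use?
# Function names are hypothetical; Match handling is simplified (see below).

# Print config file $1 with every Include replaced by the files it names.
# Globs expand in lexical order. Assumption: relative patterns are resolved
# against the including file's directory (sshd itself uses /etc/ssh).
expand_config() {
    cfg_dir=$(dirname "$1")
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f          # split into words, no globbing
        kw=$(printf '%s' "${1:-}" | tr 'A-Z' 'a-z')
        if [ "$kw" = "include" ]; then
            shift
            for pat in "$@"; do
                case $pat in /*) ;; *) pat=$cfg_dir/$pat ;; esac
                for f in $pat; do             # unquoted on purpose: expand glob
                    if [ -f "$f" ]; then ( expand_config "$f" ); fi
                done
            done
        else
            printf '%s\n' "$line"
        fi
    done < "$1"
}

# awk prologue shared by both checks: trim, accept "key=value", drop quotes.
NORM='{ sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " "); gsub(/"/, "") }
      /^#/ || NF == 0 { next }'

# Print the global PasswordAuthentication value: "yes" or "no".
# Modelled sshd rules: keywords are case-insensitive, the first value read
# wins, and the built-in default is "yes". Simplification: the first Match
# line is treated as the end of the global section.
password_auth_setting() {
    expand_config "$1" | awk "$NORM"'
        stop { next }
        tolower($1) == "match" { stop = 1; next }
        tolower($1) == "passwordauthentication" && NF >= 2 {
            val = tolower($2); stop = 1
        }
        END { print (val == "" ? "yes" : val) }'
}

# Print every Match line whose block turns password logins back on.
match_password_exceptions() {
    expand_config "$1" | awk "$NORM"'
        tolower($1) == "match" { block = $0; next }
        block != "" && tolower($1) == "passwordauthentication" &&
            tolower($2) == "yes" { print block }'
}

# Usage: sh this_script.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    echo "global PasswordAuthentication: $(password_auth_setting "$1")"
    match_password_exceptions "$1"
fi
```

On a running host, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd itself resolved.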
    

Create a password for the Linux user

Sometimes an OS might request user credentials to access the VM. Before connecting to such VMs, create a local password for the default user.

To create a local password, use the CLI.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Get a list of VMs in the default folder:

    yc compute instance list

    Result:

    +----------------------+-----------------+---------------+---------+----------------------+
    |          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
    +----------------------+-----------------+---------------+---------+----------------------+
    | fhm0b28lgfp4tkoa3jl6 | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
    | fhm9gk85nj7gcoji2f8s | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
    +----------------------+-----------------+---------------+---------+----------------------+
    
  2. Select the VM ID or NAME (for example, first-instance).

  3. Get the public IP address of the VM:

    yc compute instance get first-instance
    

    In the command output, find the address of the VM in the one_to_one_nat section:

    ...
    one_to_one_nat:
      address: <public IP address>
      ip_version: IPV4
    ...
    
  4. Connect to the VM. For more information, see Connecting to a VM.

  5. Create a local password. In Linux, you can set a password using the passwd command:

    sudo passwd <username>
    

    Example for yc-user:

    sudo passwd yc-user
    
  6. Terminate the SSH session with the exit command.
