Getting started with the serial console

The serial console allows you to access a VM regardless of the network or OS status. For example, you can use the console for troubleshooting VM issues or when there are problems with SSH access.

Serial console access is disabled by default.

Before you start

Before you enable serial console access on a VM:

1. Prepare the key pair (public and private keys) for SSH access to the VM. The serial console authenticates users via SSH keys.

2. Create a text file (for example, sshkeys.txt) and specify the following:

   <username>:<user's public SSH key>
   

   Example of a text file for yc-user:

   yc-user:ssh-rsa AAAAB3Nza......OjbSMRX yc-user@example.com
   

   By default, a user's SSH keys are stored in the ~/.ssh directory of this user. You can get a public key by running cat ~/.ssh/<public key name>.pub.

Enabling the console when creating a VM from a public image

To enable access to the serial console when creating a VM, set the serial-port-enable parameter in the metadata to 1.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Enabling the console when updating a VM

To enable access to the serial console when updating a VM, set the serial-port-enable parameter in the metadata to 1.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

1. Get a list of VMs in the default folder:

   yc compute instance list
   +----------------------+-----------------+---------------+---------+----------------------+
   |          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
   +----------------------+-----------------+---------------+---------+----------------------+
   | fhm0b28lgfp4tkoa3jl6 | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
   | fhm9gk85nj7gcoji2f8s | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
   +----------------------+-----------------+---------------+---------+----------------------+
   

2. Select the VM ID or NAME (for example, first-instance).

3. Set serial-port-enable=1 in the VM metadata:

   yc compute instance add-metadata \
     --name first-instance \
     --metadata-from-file ssh-keys=sshkeys.txt \
     --metadata serial-port-enable=1
   

   The command will start activating the serial console on the VM named first-instance.

Configuring a VM for serial port access

To configure access via the serial console, a virtual machine must have a public IP address. You can look up the address in the management console in the Compute Cloud section on the Virtual machines page. If you created a virtual machine without a public IP address, you can assign it one. Once the configuration is complete, you can release the address. You do not need it for connections via the serial console.

For the serial console to be available from the OS, the OS must be configured properly:

• Linux
• Windows

Linux

To connect to the Linux serial console, make sure that password authentication is disabled for SSH and set a password for the appropriate OS user, if necessary.

Disable SSH password authentication

If you use your own image, make sure that SSH access with your username and password is disabled.

To disable SSH password authentication:

1. Open the configuration file on the SSH server (/etc/ssh/sshd_config by default). Only a superuser has read and write access to the file.

2. Set the PasswordAuthentication option to no.

3. Restart the SSH server:

   sudo systemctl restart ssh
   

Create a password for the Linux user

Sometimes an OS might request user credentials to access the VM. Before connecting to such VMs, create a local password for the default user.

To create a local password, use the CLI.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

1. Get a list of VMs in the default folder:

   yc compute instance list
   +----------------------+-----------------+---------------+---------+----------------------+
   |          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
   +----------------------+-----------------+---------------+---------+----------------------+
   | fhm0b28lgfp4tkoa3jl6 | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
   | fhm9gk85nj7gcoji2f8s | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
   +----------------------+-----------------+---------------+---------+----------------------+
   

2. Select the VM ID or NAME (for example, first-instance).

3. Get the public IP address of the VM.

   yc compute instance get first-instance
   

   In the command output, find the address of the VM in the one_to_one_nat section:

   ...
   one_to_one_nat:
     address: <public IP address>
     ip_version: IPV4
   ...
   

4. Connect to the VM. For more information, see Connecting to a VM.

5. Create a local password. In Linux, you can set a password using the passwd command:

   sudo passwd <username>
   

   Example for yc-user:

   sudo passwd yc-user
   

6. Terminate the SSH session with the exit command.

Windows

An equivalent of the serial console in Windows is the Speicial Administration Console (SAC).

If you created the VM before February 22, 2019, you need to update the Windows registry to connect to the SAC:

1. Connect to the VM via RDP.

2. To do this, run cmd or PowerShell and execute the following commands:

   bcdedit /ems "{current}" on
   The operation completed successfully.
   
   bcdedit /emssettings EMSPORT:2 EMSBAUDRATE:115200
   The operation completed successfully.
   

3. Restart the VM.