All Products
Search

This Product

    Elastic Compute Service:Log on to an instance by using VNC

    Document Center

    Elastic Compute Service:Log on to an instance by using VNC

    Last Updated:Dec 25, 2024

    VNC enables remote connections to an ECS instance, supporting instances in Active or Stopped states, including during the operating system startup phase. This method is also useful for troubleshooting instance issues. This topic outlines how to use VNC for logging on to an instance via the console.

    Important

    As of July 10, 2023, VNC remote connection no longer requires a separate login password. Secure access to ECS instances is possible using the instance's login credentials.

    Following a security enhancement on July 10, 2023, Alibaba Cloud now manages authentication credentials and ensures end-to-end encryption for VNC logins to instances. Post-upgrade, instance usernames and passwords are sufficient for login without specifying VNC login passwords.

    What is VNC remote connection?

    VNC is a method for connecting to instances, based directly on the underlying physical server of the ECS instance. It supports connections to instances in Active or Stopped states. Users can view the real-time interface of the instance's operating system (Linux systems may not have a graphical interface by default). VNC connections are not affected by security group settings or software running on the instance, providing a reliable means to address connection issues.

    Most remote connection tools depend on system services like SSH (Secure Shell), which may fail or not start, blocking remote access. VNC operates at a lower level, remaining functional even when such issues arise, aiding in troubleshooting and repair.

    In Simple Application Server, VNC remote connection is referred to as Rescue Logon. For additional details, see using the rescue connection server.

    Prerequisites

    The instance is in active or stopped status

    To connect via VNC, the target instance must be in Active or Stopped status. The status can be checked on the Instance page in the ECS console, as illustrated below:

    For details on viewing an instance's status, see click here.

    image

    image

    Prepare the instance logon name and password

    When connecting via VNC, you'll be prompted for the instance's operating system login name and password.

    • Newly created instance

      For a new instance, use the login name and password set during creation. The default login name for Linux instances is root or ecs-user, and for Windows instances, it is administrator.

      For differences between user login names, see this guide.

      • Set login name and password when creating a Linux instanceimage

      • Set login name and password when creating a Windows instanceimage

    • Forgot login name

      If you've forgotten the login name, you can retrieve the initial login name from the instance console by following these steps:

      1. Access the instance console.image

      1. Locate the instance, click image, and select Reset Instance Password.

        image

      1. The initial login name is displayed as shown below.

        image

    • Forgot password or did not set instance password

      If you have forgotten your password or if you initially used a key pair for credentials when creating the instance, you will need to reset the instance password. Navigate to the ECS console, locate the instance for which you want to change the password, click image, then click Reset Instance Password. Follow the prompts to complete the password reset process. For detailed instructions on resetting the instance logon password, see Reset instance logon password.

      image

    RAM users need relevant permissions to use this feature

    When logging on to the Alibaba Cloud Management Console with a Resource Access Management (RAM) user, ensure the RAM user has the necessary permissions attached, adhering to the principle of least privilege. For details on granting permissions to RAM users, see Grant permissions to RAM users.

    To use VNC for connecting to an instance, you need permissions to query ECS instance details and the Web management terminal address, which are ecs:DescribeInstances and ecs:DescribeInstanceVncUrl. You can also limit the scope of instances that can be connected using the Resource element. For more configuration details, see fundamental components of a policy. 
    {
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceVncUrl"
      ],
      "Resource": "*"
    }
  ]
}

    Procedure

    Important

    By default, a VNC connection session lasts approximately 300 seconds. If no actions are taken within this time, the connection will automatically close, requiring a new connection attempt.

    The main steps for connecting are as follows:

    Step 1: Find the instance to connect to

    First, identify the instance you want to connect to in the console.

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Instances & Images > Instances.

    3. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

    4. On the Instance List page, locate the instance you want to connect to.

      image

    Step 2: Enter the VNC remote connection page

    Once you've found the instance, proceed to its VNC remote connection page.

    1. In the Actionscolumn for the desired instance, click Remote connection.

      image

    2. In the Remote connection dialog box that appears, click Show Other Logon Methods. Then click VNC and click Sign in now.

      image

      image

    3. The VNC remote connection page will be displayed as shown below.

      Important

      If the page displays the message "The current operation is not authorized. Please contact the primary account to grant RAM authorization before executing the operation", you must verify whether you have the necessary permissions to use VNC for connecting to the instance. For details on the required permissions, see RAM users need relevant permissions to use this feature.

      Linux instances

      Example using Alibaba Cloud Linux 3.

      image

      Windows instances

      Example using Windows Server 2025.

      image

    Step 3: Log on to the operating system in the instance

    The instance's remote connection page will display the operating system interface (Linux systems may not have a graphical interface by default). Login using the username and password.

    Note

    If you're uncertain of your logon credentials, refer to how to prepare your instance logon name and password. Should you need to reset a forgotten password, consult how to reset your instance logon password.

    Log on to Linux instances

    1. Enter the login user (e.g., root, ecs-user), and press the Enter key.

    2. Input the instance login password, press the Enter key, and wait for the login to complete.

      Important

      Password characters are not displayed when entering a password for Linux instances. Ensure accuracy when typing your password.

      If you're uncertain of your logon password or encounter the Login Incorrect error during connection, you can reset your instance password and attempt to log on again. For more information, see Reset instance logon password.

    3. Upon successful login, you will enter the operating system.

      The interface after a successful login is shown below.

      image

    Important

    • A persistent black screen may indicate the instance is in sleep mode. Press any key to wake the instance.

    • You can switch between different VNC management terminals to connect to Linux instances. The default is CTRL+ALT+F1, and up to 10 are supported. For example, select Send Remote Command > CTRL+ALT+F2 in the upper left corner of the interface to switch to the second virtual terminal.

    Log on to Windows instances

    1. Click Send Remote Command > CTRL+ALT+DELETE in the upper left corner to unlock the Windows system screen.

    2. Select the user account (default is Administrator), enter the instance login password, and press Enter to access the Windows system.

    image

    image

    More features

    Paste operation (Copy command input)

    Important

    This feature supports up to 2000 characters and does not currently support special characters such as Chinese or other non-standard keyboard inputs.

    To copy lengthy text or commands from an on-premises device to an instance, like a file download URL, use the Copy Command Input feature.

    1. Connect to the instance using VNC.

    2. In the upper left corner, click Copy Command Input.

    3. In the Text Content dialog box, enter the content to be copied, then click OK.

    Send remote command

    Remote commands can be sent to manage VNC connections. For Linux instances, switch between virtual terminals using CTRL+ALT+F1 to F10. For Windows instances, use CTRL+ALT+DELETE to unlock the system screen.

    1. Connect to the instance using VNC.

    2. In the upper left corner, click Send Remote Command, then select the desired command from the dropdown menu to complete the operation.

      image

    FAQ

    For troubleshooting VNC connection issues with an instance, refer to VNC Connection Issues to an Instance.

    References

    To customize a remote connection client through coding, you can invoke the DescribeInstanceVncUrl API to retrieve the VNC login URL for remote access to ECS instances.