All Products
Search
Document Center

Elastic Compute Service:Connect to an instance by using VNC

Last Updated:Dec 11, 2024

If you cannot connect to an Elastic Compute Service (ECS) instance by using Workbench or third-party connection tools, such as PuTTY, Xshell, and SecureCRT, you can connect to the instance by using Virtual Network Computing (VNC) and check the real-time status of the instance operating system.

Important

Starting July 10, 2023, you can securely connect to ECS instances by using VNC without the need to provide VNC logon passwords.

On July 10, 2023, Alibaba Cloud performed a security upgrade on VNC. Starting July 10, 2023, Alibaba Cloud manages authentication credentials and performs end-to-end data encryption for VNC logon to instances. After the upgrade, you can enter instance usernames and passwords to log on to instances without the need to provide VNC logon passwords.

Prerequisites

  • The logon password of the ECS instance to which you want to connect is configured. If you did not configure a logon password for the instance or if you forgot the password, you must reset the password for the instance. For more information, see Reset the logon password of an instance.

  • If you log on to the Alibaba Cloud Management Console by using a Resource Access Management (RAM) user, the following policy is attached to the RAM user to grant the required permissions based on the principle of least privilege. For information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.

    The following policy includes the permissions to perform the ecs:DescribeInstances action, which is used to query information about ECS instances, and the ecs:DescribeInstanceVncUrl action, which is used to query the VNC connection address of an ECS instance:
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ecs:DescribeInstances",
            "ecs:DescribeInstanceVncUrl"
          ],
          "Resource": "*"
        }
      ]
    }

Logon scenarios

If you cannot connect to an ECS instance by using Workbench or connection software, you can connect to the instance by using VNC and view the real-time status or issues of the instance operating system. The following table describes the scenarios in which you can connect to ECS instances by using VNC and the operations that you can perform after you connect to the instances.

Scenario

Operation after you connect to the instance by using VNC

The operating system of an instance slowly starts due to specific system checks.

Check the self-check progress.

The firewall in the operating system of an instance is accidentally enabled.

Disable the firewall.

An instance is intruded, which causes a high CPU utilization and high bandwidth usage.

Troubleshoot and terminate abnormal processes.

Procedure

By default, a VNC connection session lasts for approximately 300 seconds. If you do not perform operations within 300 seconds, the VNC connection to the instance is automatically closed. You must reconnect to the instance.

The following figure shows how to use VNC to connect to an instance.

image
  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Instances & Images > Instances.

  3. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

  4. On the Instance page, find the instance to which you want to connect and click Remote connection in the Actions column.

  5. In the Remote connection dialog box, click Show Other Logon Methods. Then, click Sign in now in the VNC section.

    image.png

  6. Log on to the operating system of the instance.

    Linux instance

    1. Enter a username, such as root or ecs-user, and press the Enter key.

    2. Enter the password that corresponds to the username and press the Enter key.

      Note

      The password characters are hidden when you enter the password to log on to a Linux instance. Make sure that the password that you enter is correct.

      You can switch between up to 10 different VNC management terminals when you connect to the Linux instance. The default terminal is CTRL+ALT+F1. For example, you can choose Send Remote Call > CTRL+ALT+F2 to switch to CTRL+ALT+F2. A persistent black screen indicates that the instance is in sleep mode. Press a key to wake up the instance.

    Windows instance

    1. In the upper-left corner of the page that appears, choose Send Remote Commands > CTRL+ALT+DELETE.

      window按键

    2. Select a username, enter the password, and then press the Enter key to log on to the instance. The default username is Administrator.

Copy long commands

If you want to copy a long text, such as a download URL, from your computer to an instance, you can use the command copy feature.

  1. Connect to the instance by using VNC.

  2. In the upper-left corner of the page that appears, click Enter Copy Commands.

  3. In the Copy and Paste Commands dialog box, enter the content that you want to copy to the instance and click OK.

Reference

When you customize a remote connection client through code, you can call the DescribeInstanceVncUrl operation to obtain the WebSocketUrl that is used to connect to an ECS instance.