If you cannot connect to an Elastic Compute Service (ECS) instance by using Workbench or third-party connection tools, such as PuTTY, Xshell, and SecureCRT, you can connect to the instance by using Virtual Network Computing (VNC) and check the real-time status of the instance operating system.
Starting July 10, 2023, you can securely connect to ECS instances by using VNC without the need to provide VNC logon passwords.
On July 10, 2023, Alibaba Cloud performed a security upgrade on VNC. Starting July 10, 2023, Alibaba Cloud manages authentication credentials and performs end-to-end data encryption for VNC logon to instances. After the upgrade, you can enter instance usernames and passwords to log on to instances without the need to provide VNC logon passwords.
Prerequisites
The logon password of the ECS instance to which you want to connect is configured. If you did not configure a logon password for the instance or if you forgot the password, you must reset the password for the instance. For more information, see Reset the logon password of an instance.
If you log on to the Alibaba Cloud Management Console by using a Resource Access Management (RAM) user, the following policy is attached to the RAM user to grant the required permissions based on the principle of least privilege. For information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.
The following policy includes the permissions to perform the
ecs:DescribeInstances
action, which is used to query information about ECS instances, and theecs:DescribeInstanceVncUrl
action, which is used to query the VNC connection address of an ECS instance:{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:DescribeInstances", "ecs:DescribeInstanceVncUrl" ], "Resource": "*" } ] }
Logon scenarios
If you cannot connect to an ECS instance by using Workbench or connection software, you can connect to the instance by using VNC and view the real-time status or issues of the instance operating system. The following table describes the scenarios in which you can connect to ECS instances by using VNC and the operations that you can perform after you connect to the instances.
Scenario | Operation after you connect to the instance by using VNC |
The operating system of an instance slowly starts due to specific system checks. | Check the self-check progress. |
The firewall in the operating system of an instance is accidentally enabled. | Disable the firewall. |
An instance is intruded, which causes a high CPU utilization and high bandwidth usage. | Troubleshoot and terminate abnormal processes. |
Procedure
By default, a VNC connection session lasts for approximately 300 seconds. If you do not perform operations within 300 seconds, the VNC connection to the instance is automatically closed. You must reconnect to the instance.
The following figure shows how to use VNC to connect to an instance.
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
On the Instance page, find the instance to which you want to connect and click Remote connection in the Actions column.
In the Remote connection dialog box, click Show Other Logon Methods. Then, click Sign in now in the VNC section.
Log on to the operating system of the instance.
Linux instance
Enter a username, such as root or ecs-user, and press the
Enter
key.Enter the password that corresponds to the username and press the
Enter
key.NoteThe password characters are hidden when you enter the password to log on to a Linux instance. Make sure that the password that you enter is correct.
You can switch between up to 10 different VNC management terminals when you connect to the Linux instance. The default terminal is CTRL+ALT+F1. For example, you can choose
to switch to CTRL+ALT+F2. A persistent black screen indicates that the instance is in sleep mode. Press a key to wake up the instance.
Windows instance
In the upper-left corner of the page that appears, choose
.Select a username, enter the password, and then press the Enter key to log on to the instance. The default username is Administrator.
Copy long commands
If you want to copy a long text, such as a download URL, from your computer to an instance, you can use the command copy feature.
Connect to the instance by using VNC.
In the upper-left corner of the page that appears, click Enter Copy Commands.
In the Copy and Paste Commands dialog box, enter the content that you want to copy to the instance and click OK.
Reference
When you customize a remote connection client through code, you can call the DescribeInstanceVncUrl operation to obtain the WebSocketUrl
that is used to connect to an ECS instance.