All Products
Search
Document Center

Elastic Compute Service:Connect to an instance with VNC

Last Updated:May 15, 2026

Access the instance console directly in your browser when SSH or RDP is unavailable, such as during OS startup or network failures.

Use VNC only for emergency operations and troubleshooting. For routine remote access, use SSH (Linux) or RDP (Windows).

In Simple Application Server, this feature is called Rescue Logon. See Connect to a simple application server by using the rescue feature.

When to use VNC

Scenario VNC appropriate?
SSH service failed or not started Yes
OS is starting up and you need console access Yes
Instance is in Stopping state Yes
Security group rules block your connection Yes
Routine remote administration No — use SSH or RDP
Instance is in Stopped state No — VNC is unavailable

Limitations

  • VNC is not supported on ecs.ebmhfc7.48xlarge bare metal instances.

  • Internet connectivity is not required, but you must log on to the Alibaba Cloud Management Console.

  • VNC connects only to Alibaba Cloud instances.

  • Linux instances do not include a GUI by default.

Before you begin

Review these constraints before connecting:

  • Session timeout: VNC disconnects after 300 seconds of inactivity. Reconnect if this occurs.

  • Instance state: Instance must be in Running or Stopping state.

  • Credentials required: Have the instance logon username and password ready. Authentication is password-based. Starting July 10, 2023, Alibaba Cloud manages authentication credentials and performs end-to-end encryption for VNC logon, removing the need for a separate VNC password.

  • Copy-paste limit: Enter Copy Commands supports up to 2,000 characters. Special characters, including Chinese characters, are not supported.

Prerequisites

Ensure the following:

  • ECS instance is in Running or Stopping state.

  • Instance OS logon username and password are available.

  • (RAM users) ecs:DescribeInstances and ecs:DescribeInstanceVncUrl permissions are granted.

Get the instance logon username

Default usernames: root or ecs-user (Linux), administrator (Windows). To look up the initial username in the ECS console:

  1. Go to ECS console - Instance.

  2. Find the instance, click the image icon, and click Reset Instance Password.

  3. The initial logon username is displayed.

    image

See Manage logon users for instances.

Reset a forgotten or missing logon password

If you forgot the password or used an SSH key pair as the credential, reset the password:

  1. In the ECS console, find your instance.

  2. Click the image icon, then select Reset Instance Password.

    image

  3. Set a new password as prompted.

See Reset the logon password of an instance.

Grant permissions to a RAM user

If you use a Resource Access Management (RAM) user, attach the following policy to grant the minimum permissions. See Grant permissions to a RAM user.

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceVncUrl"
      ],
      "Resource": "*"
    }
  ]
}

ecs:DescribeInstances queries instance information. ecs:DescribeInstanceVncUrl retrieves the VNC connection URL. Use the Resource element to restrict access to specific instances. See Resource.

Connect to an instance

Step 1: Find the instance

  1. Go to ECS console - Instance.

  2. In the top navigation bar, select the region and resource group.

    Region

  3. On the Instance page, click the instance ID to open its details page.

    image image

Step 2: Open the VNC connection page

  1. Click Connect. In the Remote connection dialog box, click Show Other Logon Methods, then click Sign in now in the VNC section.

    Important

    If the message "You do not have the permissions to perform this operation. Ask the Alibaba Cloud account to grant the permissions in the RAM console and try again later." appears, check that your RAM user has the required permissions. See Grant permissions to a RAM user above.

    image image

Step 3: Log on to the instance OS

Log on with the instance OS username and password.

Linux instance

In this example, an instance running Alibaba Cloud Linux 3 is used.
image
  1. Enter the username (e.g., root or ecs-user) and press Enter.

  2. Enter the password and press Enter.

    Important

    Password characters are hidden as you type. If you see a Login Incorrect error, reset the logon password and try again.

  3. Verify the logon succeeded.

    image

Important
  • A persistent black screen indicates sleep mode. Press any key to wake it.

  • Switch between up to 10 management terminals with Send Remote Commands > CTRL+ALT+F1 through CTRL+ALT+F10. Default: CTRL+ALT+F1.

Windows instance

In this example, an instance running Windows Server 2025 is used.
image
  1. Choose Send Remote Commands > CTRL+ALT+DELETE to unlock the OS.

  2. Select a username, enter the password, and press Enter. The default username is Administrator.

    image image

More operations

Copy and paste content

Direct copy-paste from your local machine to the instance is not supported. Use Enter Copy Commands instead.

Important

Limited to 2,000 characters. Special characters, including Chinese characters, are not supported.

  1. Connect to the instance with VNC.

  2. Position the cursor where you want to paste content.

  3. In the upper-left corner, click Enter Copy Commands.

  4. In the Copy and Paste Commands dialog box, enter content and click OK.

Send remote commands

Use Send Remote Commands to send keyboard shortcuts to the instance. For Linux, select CTRL+ALT+F1 through CTRL+ALT+F10 to switch terminals. For Windows, select CTRL+ALT+DELETE to unlock the OS.

  1. Connect to the instance with VNC.

  2. In the upper-left corner, click Send Remote Commands and select a command.

    In this example, Windows is used.

    image

FAQ

For VNC connection issues, see VNC connection issues.

Next steps

To connect programmatically, call DescribeInstanceVncUrl to get the VNC URL.

References