Access the instance console directly in your browser when SSH or RDP is unavailable, such as during OS startup or network failures.
Use VNC only for emergency operations and troubleshooting. For routine remote access, use SSH (Linux) or RDP (Windows).
In Simple Application Server, this feature is called Rescue Logon. See Connect to a simple application server by using the rescue feature.
When to use VNC
| Scenario | VNC appropriate? |
|---|---|
| SSH service failed or not started | Yes |
| OS is starting up and you need console access | Yes |
| Instance is in Stopping state | Yes |
| Security group rules block your connection | Yes |
| Routine remote administration | No — use SSH or RDP |
| Instance is in Stopped state | No — VNC is unavailable |
Limitations
-
VNC is not supported on
ecs.ebmhfc7.48xlargebare metal instances. -
Internet connectivity is not required, but you must log on to the Alibaba Cloud Management Console.
-
VNC connects only to Alibaba Cloud instances.
-
Linux instances do not include a GUI by default.
Before you begin
Review these constraints before connecting:
-
Session timeout: VNC disconnects after 300 seconds of inactivity. Reconnect if this occurs.
-
Instance state: Instance must be in Running or Stopping state.
-
Credentials required: Have the instance logon username and password ready. Authentication is password-based. Starting July 10, 2023, Alibaba Cloud manages authentication credentials and performs end-to-end encryption for VNC logon, removing the need for a separate VNC password.
-
Copy-paste limit: Enter Copy Commands supports up to 2,000 characters. Special characters, including Chinese characters, are not supported.
Prerequisites
Ensure the following:
-
ECS instance is in Running or Stopping state.
-
Instance OS logon username and password are available.
-
(RAM users)
ecs:DescribeInstancesandecs:DescribeInstanceVncUrlpermissions are granted.
Get the instance logon username
Default usernames: root or ecs-user (Linux), administrator (Windows). To look up the initial username in the ECS console:
-
Go to ECS console - Instance.
-
Find the instance, click the
icon, and click Reset Instance Password. -
The initial logon username is displayed.

Reset a forgotten or missing logon password
If you forgot the password or used an SSH key pair as the credential, reset the password:
-
In the ECS console, find your instance.
-
Click the
icon, then select Reset Instance Password.
-
Set a new password as prompted.
Grant permissions to a RAM user
If you use a Resource Access Management (RAM) user, attach the following policy to grant the minimum permissions. See Grant permissions to a RAM user.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeInstanceVncUrl"
],
"Resource": "*"
}
]
}
ecs:DescribeInstances queries instance information. ecs:DescribeInstanceVncUrl retrieves the VNC connection URL. Use the Resource element to restrict access to specific instances. See Resource.
Connect to an instance
Step 1: Find the instance
-
Go to ECS console - Instance.
-
In the top navigation bar, select the region and resource group.

-
On the Instance page, click the instance ID to open its details page.


Step 2: Open the VNC connection page
-
Click Connect. In the Remote connection dialog box, click Show Other Logon Methods, then click Sign in now in the VNC section.
ImportantIf the message "You do not have the permissions to perform this operation. Ask the Alibaba Cloud account to grant the permissions in the RAM console and try again later." appears, check that your RAM user has the required permissions. See Grant permissions to a RAM user above.


Step 3: Log on to the instance OS
Log on with the instance OS username and password.
Linux instance
In this example, an instance running Alibaba Cloud Linux 3 is used.
-
Enter the username (e.g.,
rootorecs-user) and press Enter. -
Enter the password and press Enter.
ImportantPassword characters are hidden as you type. If you see a
Login Incorrecterror, reset the logon password and try again. -
Verify the logon succeeded.

-
A persistent black screen indicates sleep mode. Press any key to wake it.
-
Switch between up to 10 management terminals with Send Remote Commands > CTRL+ALT+F1 through CTRL+ALT+F10. Default: CTRL+ALT+F1.
Windows instance
In this example, an instance running Windows Server 2025 is used.
-
Choose Send Remote Commands > CTRL+ALT+DELETE to unlock the OS.
-
Select a username, enter the password, and press Enter. The default username is
Administrator.

More operations
Copy and paste content
Direct copy-paste from your local machine to the instance is not supported. Use Enter Copy Commands instead.
Limited to 2,000 characters. Special characters, including Chinese characters, are not supported.
-
Connect to the instance with VNC.
-
Position the cursor where you want to paste content.
-
In the upper-left corner, click Enter Copy Commands.
-
In the Copy and Paste Commands dialog box, enter content and click OK.
Send remote commands
Use Send Remote Commands to send keyboard shortcuts to the instance. For Linux, select CTRL+ALT+F1 through CTRL+ALT+F10 to switch terminals. For Windows, select CTRL+ALT+DELETE to unlock the OS.
-
Connect to the instance with VNC.
-
In the upper-left corner, click Send Remote Commands and select a command.
In this example, Windows is used.

FAQ
For VNC connection issues, see VNC connection issues.
Next steps
To connect programmatically, call DescribeInstanceVncUrl to get the VNC URL.