Accessing a Windows VM
You can access a Windows virtual machine (VM) using a remote desktop application. For example, Microsoft Remote Desktop enables you to connect to Windows VMs from a Windows or macOS operating system.
Before accessing a Windows VM, you need to decrypt the password of its administrator account. This is done using the private key of the keypair that you associated with the VM.
|
This procedure only applies to VMs based on official OMIs, using the default keypair authentication system. In other cases, the connection process can differ. For more information, see About Keypairs. |
Decrypting the Password of the VM
Decrypting the Password of the VM Using Cockpit v2
Before you begin: Ensure the Windows VM is ready.
|
-
Click inside the VMs dashboard to make checkboxes appear.
-
Check the box of the VM you want the password from.
The VM is selected and an action menu appears. -
Click
Read password.
The READ PASSWORD dialog box appears. -
Click
Upload.
A window appears. -
Select the .rsa file containing the private key of the keypair associated with the VM.
Only RSA keypairs can decrypt the password of a Windows VM.
-
Click Submit.
The administrator password of the VM is decrypted and downloaded on your computer as a .txt file.The password also appears in a temporary notification at the bottom right of the page.
Decrypting the Password of the Instance Using Cockpit v1
Cockpit v1 is no longer fixed nor supported. Cockpit v1 is no longer available in the cloudgouv-eu-west-1 Region. For more information, see End-of-Life Policy. |
Before you begin: Ensure the Windows instance is ready.
|
-
Click Compute > Instances.
-
Click the instance you want the password from.
The instance is selected. -
Click Get password .
The XXX: GET PASSWORD dialog box appears. -
Click Choose file.
A window appears. -
Select the .rsa file containing the private key of the keypair associated with the instance.
Only RSA keypairs can decrypt the password of a Windows VM.
-
Click OK to validate.
The administrator password of the instance decrypted and is downloaded on your computer as a .txt file.The password also appears in a temporary notification at the top of the page.
Decrypting the Password of the VM Using OSC CLI
Before you begin: Ensure the Windows VM is ready.
|
The ReadAdminPassword command gets the administrator password for a Windows running virtual machine (VM).
The administrator password is encrypted using the keypair you specified when launching the VM.
|
$ osc-cli api ReadAdminPassword --profile "default" \
--VmId "i-12345678"
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
VmId
: The ID of the VM.
The ReadAdminPassword command returns the following elements:
-
AdminPassword
: The password of the VM. After the first boot, returns an empty string. -
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
-
VmId
: The ID of the VM.
{
"VmId": "i-12345678",
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"AdminPassword": "..."
}
Decrypting the Password of the Instance Using AWS CLI
Before you begin: Ensure the Windows instance is ready.
|
To decode and decrypt the administrator password of the instance, use the get-password-data command following this syntax:
$ aws ec2 get-password-data \
--profile YOUR_PROFILE \
--instance-id i-12345678 \
--priv-launch-key ~/.ssh/keypair.rsa \
--endpoint https://fcu.eu-west-2.outscale.com
This command contains the following attributes that you need to specify:
-
(optional)
profile
: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI. -
instance-id
: The ID of the instance you want to access. -
priv-launch-key
: The path to the .rsa file containing the private key of the keypair on your computer. -
endpoint
: The endpoint corresponding to the Region you want to send the request to.
The get-password-data command returns the following elements:
-
InstanceId
: The ID of the instance. -
PasswordData
: The administrator password of the instance. -
Timestamp
: The time the console output was updated for the last time, in ISO 8601 format.
{
"InstanceId": "i-123456789",
"PasswordData": "/XxYy12Z*z",
"Timestamp": "2018-03-26T13:01:33.176Z"
}
Decrypting the Password of the Instance Using a Bash Script
Before you begin: Ensure the Windows instance is ready.
|
-
To retrieve the administrator password encoded in Base64, view the console output of the instance. For more information, see Viewing the Console Output of a VM.
4/26/2017 11:50:17 AM : ============================================== 4/26/2017 11:50:17 AM : OS : Microsoft Windows NT 10.0.14393 4/26/2017 11:50:17 AM : OsVersion : 10.0.14393 4/26/2017 11:50:17 AM : OsProductName : Microsoft Windows Server 2016 Datacenter 4/26/2017 11:50:17 AM : Language : en-US 4/26/2017 11:50:17 AM : AMI-ID : ami-12345678 4/26/2017 11:50:17 AM : Instance-ID : i-12345678 4/26/2017 11:50:17 AM : Username : Administrator 4/26/2017 11:50:18 AM : Password : <Password>A123BcdEfgh4iJk/LmNo5pq+rSTuVWXYzAb6CDEfg78g9HIJ012Kl3m4NOpqrstuVWX5yzABcdEfgHYjkLMnoPqr/StUvwXyzA6bCdE/7FgHIjKLMN/OP8qRst9UvW0X1yZABCD2Ef34GHijKlmN5OhyrdoarduIEd7z/ejqWXcVFmgzOkqBgPVyrKR/eD6J8rq0Kq55DQjK5GF1hoDGDgCaAQ5DpkW0pw34CM5ak7UmV22veRhR0To94IvAnpi0sHH/LSraqfIWnoebouUjIK9dFdvYCtds4JfqThPIjZYQYn+DgaKqGFt2m1SdKRwqwGGb3pityiaUZ0P0MUemw==</Password> 4/26/2017 11:50:18 AM : Message : Windows is ready to use
-
In the console output, copy the Base64-encoded password located between the
<password
>…</password>
tags and save it in a text file on your machine. -
To decode the Base64-encoded password, and then decrypt it using the private key, use the following command:
Request sample$ base64 --decode --input ~/Documents/instance_password.txt | openssl rsautl -decrypt -inkey ~/.ssh/keypair.rsa
This command contains the following attributes that you need to specify:
-
input
: The path to the file containing the encoded password on your computer. -
inkey
: The path to the .rsa file containing the private key of the keypair on your computerThe password for the instance is returned.
-
Access the Instance Using Microsoft Remote Desktop
Before you begin:
|
-
Open Microsoft Remote Desktop.
-
Connect to the instance using its public IP and administrator password.
-
The default user for Windows instances created from official OMIs is
administrator
. -
If you are using a VPN or a DirectLink connection, you can use the private IP of the instance.
You now have access to the desktop of the Windows instance.
-
Related Pages
Corresponding API Methods
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.