I previously wrote a short article detailing how to connect to a Windows VM in Oracle Cloud Infrastructure (OCI) using the console. I should be more precise: the post details how to connect to a “server with desktop experience”. Windows Core is different, but that doesn’t matter right now.

This post however describes how to connect to a Linux Compute VM’s OCI serial console using MacOS 26.3.1(a) as a client. Just as before, I’m using the OCI command line interface (CLI) to create the connection. Relying on the CLI saves me from having to update screenshots 🤣

Create the console connection

After you obtained your OCI VM’s unique identifier, the so-called OCID, you can create a local console connection as follows using the OCI cli (make sure to export the INSTANCE_OCID environment variable using your instance’s OCID)

$ oci compute instance-console-connection create \
--instance-id ${INSTANCE_OCID} \
--ssh-public-key-file /path/to/public/key

You should provide the path to your public OCI key to the command. The matching private key should be added to the SSH agent:

$ ssh-add /path/to/matching/private/key

The above command will tell you that it successfully added an identity to the SSH agent. You could provide it on the command line as well, but that’s making a command that’s too long already even more unwieldy …

By the way, please pay attention to the JSON output returned by the OCI cli instance-console-connection command: it contains the connection-string you need. In case you missed it, or accidentally closed your terminal, you can get the connection details using the following OCI cli call. Again, export the compartment’s OCID in your session before you hit the return key, your instance OCID should still be exported from the prior step

$ oci compute instance-console-connection list \
--compartment-id ${COMPARTMENT_OCID} \
--query "data [?\"instance-id\" == '${INSTANCE_OCID}' && \"lifecycle-state\" == 'ACTIVE' ].\"connection-string\""

This query returns an array of console connections, most often it’s just one.

Make sure to review the list and pick the appropriate connection command. In case you don’t get data, your serial connection hasn’t been created yet and you should retry a few seconds later.

Establish the console session

You are nearly there! The console connection command returned by oci compute instance-console-connection list should look like this, formatted for readability:

ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.eu-frankfurt-1.anthelj...6hykq@instance-console.eu-frankfurt-1.oci.oraclecloud.com' \
ocid1.instance.oc1.eu-frankfurt-1.anthe...ok2q

You essentially use a jump host (proxy) to access your serial console. At the time of writing, there’s a caveat though. The jump host uses a protocol that’s no longer enabled by default in MacOS, or OpenSSH 8.8 and later. This requires you to manually add a few options to your ssh client. Please check with your security department if you’re allowed to enable SHA-1 hashes (you can find all the details in OpenSSH’s release notes) before doing so.

Assuming you got the go-ahead to enable SHA-1, here’s the amended command that gets your console connection:

ssh \
-o HostkeyAlgorithms="+ssh-rsa" -o PubkeyAcceptedAlgorithms="+ssh-rsa" \
-o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.eu-frankfurt-1.ant...q@instance-console.eu-frankfurt-1.oci.oraclecloud.com' \
ocid1.instance.oc1.eu-frankfurt-1.an...2q

The change in line 2 enables communication with the jump host. And this is it: you now have a working serial console 🎉connection.

Happy troubleshooting!