# Accessing the system ```{note} These instructions assume IncusOS deployed with the Incus application. When using it with Operations Center or Migration Manager, use their respective command line client or web UI instead. ``` ## Getting the IP address The first step in accessing an IncusOS system is by finding its IP address. This can be done by looking at the bottom of the screen on the running system. ![IncusOS running screen](../images/incusos-started.png) The documentation below uses `192.0.2.100` as the IP address of the IncusOS system. ## Connecting to IncusOS `````{tabs} ````{group-tab} Command line After the install completes, you will be shown a list of IP addresses in the network configuration footer. Pick one and add IncusOS as a remote Incus server: $ incus remote add IncusOS 192.0.2.100 Certificate fingerprint: 80d569e9244a421f3a3d60d46631eb717f8a0a480f2f23ee729a4c1c016875f7 ok (y/n/[fingerprint])? y $ incus remote list +-----------------+------------------------------------+---------------+-------------+--------+--------+--------+ | NAME | URL | PROTOCOL | AUTH TYPE | PUBLIC | STATIC | GLOBAL | +-----------------+------------------------------------+---------------+-------------+--------+--------+--------+ | IncusOS | https://192.0.2.100:8443 | incus | tls | NO | NO | NO | +-----------------+------------------------------------+---------------+-------------+--------+--------+--------+ | images | https://images.linuxcontainers.org | simplestreams | none | YES | NO | NO | +-----------------+------------------------------------+---------------+-------------+--------+--------+--------+ | local (current) | unix:// | incus | file access | NO | YES | NO | +-----------------+------------------------------------+---------------+-------------+--------+--------+--------+ Once the remote is added, you can interact with it like any other Incus server: $ incus launch images:debian/trixie IncusOS:trixie Launching trixie $ incus list +---------------+---------+------------------------+--------------------------------------------------+-----------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------------+---------+------------------------+--------------------------------------------------+-----------------+-----------+ | test-incus-os | RUNNING | 10.25.170.1 (incusbr0) | fd42:612d:f700:5f6e::1 (incusbr0) | VIRTUAL-MACHINE | 0 | | | | 192.0.2.100 (enp5s0) | fd42:3cfb:8972:3990:1266:6aff:feab:9439 (enp5s0) | | | +---------------+---------+------------------------+--------------------------------------------------+-----------------+-----------+ $ incus list IncusOS: +--------+---------+----------------------+------------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +--------+---------+----------------------+------------------------------------------------+-----------+-----------+ | trixie | RUNNING | 10.25.170.218 (eth0) | fd42:612d:f700:5f6e:1266:6aff:fe39:d31f (eth0) | CONTAINER | 0 | +--------+---------+----------------------+------------------------------------------------+-----------+-----------+ ```` ````{group-tab} Web interface The Incus UI is also available for web access. For this to work, the client certificate provided at image creation time must be imported as a user certificate in your web browser. ```{tip} The exact process of adding a user certificate varies between browsers and operating systems, but generally involves importing a PKCS#12 certificate into the web browser's certificate store. A PKCS#12 certificate can be generated from the Incus client key/certificate pair by running openssl pkcs12 -export -inkey ~/.config/incus/client.key -in ~/.config/incus/client.crt -out ~/.config/incus/client.pfx ``` Once the user certificate is imported, you can access the UI at `https://192.0.2.100:8443` ![Incus UI with running instances](../images/incus-webui-instances.png) ```` ````` ## Fetching the encryption recovery key IncusOS will warn you if you haven't retrieved the encryption recovery key. You can do so with the following command. Make sure to store the key someplace safe! ```{note} This step is currently only possible through the command line client. ``` ``` $ incus admin os system security show WARNING: The IncusOS API and configuration is subject to change config: encryption_recovery_keys: - fkrjjenn-tbtjbjgh-jtvvchjr-ctienevu-crknfkvi-vjlvblhl-kbneribu-htjtldch state: encrypted_volumes: - state: unlocked (TPM) volume: root - state: unlocked (TPM) volume: swap encryption_recovery_keys_retrieved: true pool_recovery_keys: local: F7zrtdHEaivKqofZbVFs2EeANyK77DbLi6Z8sqYVhr0= secure_boot_certificates: - fingerprint: 26dce4dbb3de2d72bd16ae91a85cfeda84535317d3ee77e0d4b2d65e714cf111 issuer: CN=Incus OS - Secure Boot E1,O=Linux Containers subject: CN=Incus OS - Secure Boot PK R1,O=Linux Containers type: PK - fingerprint: 9a42866f496834bde7e1b26a862b1e1b6dea7b78b91a948aecfc4e6ef79ea6c1 issuer: CN=Incus OS - Secure Boot E1,O=Linux Containers subject: CN=Incus OS - Secure Boot KEK R1,O=Linux Containers type: KEK - fingerprint: 21b6f423cf80fe6c436dfea0683460312f276debe2a14285bfdc22da2d00fc20 issuer: CN=Incus OS - Secure Boot E1,O=Linux Containers subject: CN=Incus OS - Secure Boot 2025 R1,O=Linux Containers type: db - fingerprint: 2243c49fcf6f84fe670f100ecafa801389dc207536cb9ca87aa2c062ddebfde5 issuer: CN=Incus OS - Secure Boot E1,O=Linux Containers subject: CN=Incus OS - Secure Boot 2026 R1,O=Linux Containers type: db secure_boot_enabled: true tpm_status: ok ```