Edit Docker image & configuration
How to connect to your Vast.ai instance
Vast.ai rents out Linux docker instances. One key step is determining what Linux docker image to load onto the instance. Whichever image you select will be pulled before you connect.

Select an image

When creating an instance, the very first thing to select is the docker image and configuration options. This menu is accessible in the upper left of the create instance interface. Once clicked, a list of docker image slots are available. There is 1 open slot at the top and 3 down at the bottom available for custom images. The other images are presets.

Preset docker images

These docker images will load quickly on rented machines and are preconfigured in the interface. These are common docker images used for AI/ML research. Click on the "select" button to select that image and click again to expand the image template editor.
Available presets:
  • Pytorch
  • Tensorflow
  • Nvidia Cuda
  • Nvidia Opencl
  • Caffe2ai
  • Deepo

Custom docker image templates

The first and last three docker Image slots are reserved for custom templates where you can specify your own docker image. After selecting the templated spot, simply enter the full docker/tag name for docker pull. The version tag box will populate once it finds the docker image.

Docker repository (registry) authentication

Vast can connect to a custom docker repository and authenticate to that registry.
Enter the registry information along with your username and password.

Docker create/run options

Vast supports port and environment variables from docker run options. These can be input into the line after the Docker docker image line. It is most useful for opening custom ports on the instance so they are available when the instance is created. It requires creating the instance on a machine that has open ports.
To limit your search options to machines with open ports, there is a port filter in the interface in the lower left of the create page. If a direct launch mode is selected, the interface will also filter for only machines with open ports.
To open a custom port on a machine with open ports, you add the port command to the docker run options line.
-p 5555:5555
Adding that command to the run options would open port 5555 on the instance.
It is also possible to change environment variables. For example:
Sets the environment variable for time zone to UTC so that the instance is now in the UTC time zone.

Select a launch mode

Vast provides a "launch mode" for the docker image which sets up SSH or Juypter for connecting to the instance instead of a normal entrypoint process. After the instance starts, the GUI provides the SSH command or Juypter link to connect to the instance.
Also supported is a normal ENTRYPOINT process which allows you to configure a docker run command and pass arguments. Unless you know you intend to use a docker ENTRYPOINT, you probably want the ssh launch type with an onstart script.

Direct vs proxy connections

Vast offers both proxy (default) and direct connection methods for SSH and Juypter launch modes. In general, the proxy connections use a Vast proxy server and work on machines without open ports. The proxy connections are slower for data transfer.
The direct connections only work on machines with open ports. When selected, the instance will open port 22 and/or 8080 when created. These direct launch modes are the preferred methods to connect and allow direct connections to the instance. Data transfer is faster and the connection is more reliable. Also because the machine has open ports, it is possible to copy data off the instance when it is stopped to local or another instance using the Vast CLI copy command.


​Juypter is an interactive notebook interface that is very popular for AI/ML development using Python. Using Juypter, you can connect to an interface in your browser and open any notebook that you can download as a .ipynb file.
We recommend this launch mode to start. We also recommend this launch mode over trying to run Google Colab with Vast. While Google Colab has a way to connect to a "local runtime", running Juypter directly is more robust and less error prone if connections drop or the browser window is closed.
By default Juypter instances use a proxy server. This is a simple setup that works on machines with or without open ports. The only downside is it can be slower to upload/download large files.

Juypter direct HTTPS launch mode

When selecting Juypter there is a check box for "Juypter direct HTTPS". When you select this box, you are then limiting your search to machines that have open ports, as you cannot run this option on machines without open ports. So your machine search will narrow.
Juypter uses a browser interface, so to get the direct HTTPS connection to work, you will need to install a certificate onto your operating system.
If you don't install the browser certificate, Windows and Linux will show a "Your connection is not private" Privacy error. It is annoying but you can click through by clicking "Advanced" and then proceed.
If you don't install the certificate on macOS, the OS might not let you open the Juypter webpage.

Installing the TLS certificate

Start by downloading the certificate here. Then follow the directions for your operating system.
In most operating systems, double clicking on the certificate will start an installation wizard.
  1. 1.
    After downloading the certificate, double click on it to open the installation wizard.
  2. 2.
    Click "Open".
  3. 3.
    Click on the "Install Certificate" button. Select either the current user or local machine and hit next.
  4. 4.
    Click "Place all certificates in the following store".
  5. 5.
    Select the folder "Trusted Root Certification Authorities". Click OK. Then click Next. Click "Finish" to install the certificate.
  6. 6.
    Reboot the machine so the change can take effect.
  1. 1.
    Double click the certificate after downloading it. It will then be added to your Keychain under the Login default keychain. You will notice that it is not trusted.
  2. 2.
    Double click the entry and then click on the "Trust" box.
  3. 3.
    Change the "When using this certificate" box to "Always Trust".
  4. 4.
    Close the window.


Select this launch mode to connect to your instance using SSH. Once your instance is rented and starts, you will be given an SSH command that will have the right ports, hostname and settings to connect to your Vast instance.
The default SSH connection is made using a proxy. This method is slower, as it involves a bounce server, but it works on machines without open ports.
For Windows users, read our Windows guide on how to use Putty tools to SSH into a Vast instance.

SSH Direct

After checking the box for SSH direct connection, your search will be limited to machines with open ports. Checking that option will then create a second SSHD on an open port that you can connect directly to for a faster connection.
With the SSH direct option enabled, the direct SSH connection command will be displayed on the instance card, including the correct port and IP address of the Vast instance.
The proxy SSH connection will also still be available as a backup.

On-start scripts

For both Juypter and SSH launch modes, you can paste in a script that will run Bash commands after the machine starts.


This allows you to configure a docker run command with a normal ENTRYPOINT process, instead of setting up ssh and remote access. You will not be able to retrieve the command's output. Unless you know you intend to use a docker ENTRYPOINT, you probably want the ssh launch type with an onstart script.

Select Disk Size

When the instance is created, the disk size is set and cannot be modified. It is important to estimate how much disk you will need and then to move the slider to the desired disk size. The default disk size for an instance is 10GB. Use the slider to allocate more or less, taking into consideration that providers charge for disk allocation even when the instance is stopped.