Configure RCON and the admin password

RCON (Remote Console) lets you administer the server remotely: kick, ban, change map, without joining the game. It is configured via rcon_password in server.cfg. In CS2, RCON listens on the main game port (no separate port).

Cause / The problem

Without RCON, you have to join the server in-game for every admin action. Without an RCON password, remote administration is impossible. And a poorly secured RCON (weak password, exposed port) is the prime target for bruteforce attacks.

Solution

1. Set rcon_password in game/csgo/cfg/server.cfg (CS2) or cstrike/cfg/server.cfg (CS:S):

   rcon_password "AVeryLong_AndComplex_Rcon!"

   In CS2, RCON listens on the same port as the game server — no extra port to open.
2. Set sv_password if you want a private (reserved-access) server:

   sv_password "MatchPassword"

   Leave empty for a public server.
3. Connect via an RCON tool (HLSW, GameTracker, or a web RCON client) with:
   • Server IP + game port
   • The RCON password set above
4. Common admin commands:

   rcon kick "PlayerName"
   rcon banid 60 STEAM_0:1:12345
   rcon changelevel de_dust2
   rcon say "Global message"
   rcon mp_restartgame 1

5. Secure RCON against bruteforce:

   sv_rcon_banpenalty 60
   sv_rcon_maxfailures 5
   sv_rcon_minfailuretime 30

6. Change the password if an admin leaves. Only share it through a password manager, never in plain text on Discord.
7. Avoid public RCON: never publish the IP + port + password together. If you use a third-party tool (GameTracker), make sure it encrypts the password.

In CS2, the classic RCON protocol still works but some third-party tools offer a “Web RCON” via API. Always prefer strong authentication and an IP whitelist if the panel allows it.