BIENVENUE10valid for the first month only! on all offersView plans
Skip to content
← Knowledge base

Change the RCON / admin password

Edit rcon_password in server.cfg or ServerAdminPassword and restart the server.

Change the RCON / admin password

The RCON password (or admin password, depending on the game) grants full remote administration access. You should change it regularly and immediately if a staff member leaves or if you suspect a leak.

Cause / The problem

An RCON password known to a third party lets them take over the server (kick everyone, edit configs, install cheats). The default password, if any, or a password shared with too many people, is a vulnerability.

Solution

For CS2 / CS:S

  1. Edit server.cfg in game/csgo/cfg/ (CS2) or cstrike/cfg/ (CS:S).
  2. Change the line: 
    rcon_password "NewStrongPassword123"
  3. Only put the RCON in server.cfg, never on the command line (risk of conflict).
  4. Restart the server.
  5. Clients must re-enter rcon_password NewStrongPassword123 in their console.

For Rust

  1. The startup line contains +rcon.password "...". Edit it in the panel’s Variables / Startup.
  2. Restart.
  3. Reconnect your RCON tools (RustAdmin, web) with the new password.

For ARK

  1. Edit GameUserSettings.ini, section [/Script/ShooterGame.ShooterGameUserSettings]: 
    ServerAdminPassword=NewStrongPassword
  2. Do not duplicate this password in the command line / batch — it causes conflicts on reboot.
  3. Restart. In-game, type enablecheats NewStrongPassword to confirm.

For DayZ

  1. Edit serverDZ.cfg: 
    passwordAdmin = "NewStrongPassword";
  2. Restart. In-game, type #login NewStrongPassword in chat.

Best practices

  • Length: at least 16 characters, mixed uppercase/lowercase/digits.
  • Rotation: change it every 2-3 months and whenever a staff member leaves.
  • Storage: use a password manager (Bitwarden, 1Password), not a Slack message.
  • Unique: never reuse the same RCON across different servers.

After a change, notify only the active administrators. A compromised RCON left unchanged means a remotely hackable server.

Similar articles

How the Gcore Anti-DDoS protection works

Gcore protection is always on, requires no configuration, and filters volumetric attacks.

Connect to your server via FTP/SFTP

Use FileZilla with the host, username, and password provided in the panel.

Read server logs and console

Read the live console and the log files to diagnose a crash or prepare a support ticket.

Diagnose a server that's down (not responding)

Check status, logs, CPU/RAM, and infrastructure status when the server isn't responding.
oneSubnet

French hosting provider in Paris. High-performance game and voice servers.

FREN

SERVICES

Game ServersVoice ServersGameBox ServicesCloud Services

Resources

Knowledge baseBlogSitemap

LEGAL

Legal NoticeTerms of ServicePrivacy PolicyProhibited ActivitiesReferral program

© 2026 oneSubnet. All rights reserved.

All systems operational