RCON — Remote Console for Game Servers
RCON (Remote Console) lets you run commands on your game server without being logged into the game. Change settings, ban players, broadcast messages, restart maps — all from a terminal, web panel, or mobile app.
This guide covers how RCON works, which games support it, how to connect, and how to keep it secure.
What is RCON?
RCON is a TCP-based protocol that gives server administrators remote command-line access to a running game server. Think of it as SSH for game servers — you authenticate with a password, then send commands and receive output.
The protocol was originally created by Valve for the Source Engine (Counter-Strike, Half-Life 2), but the concept has been adopted by most multiplayer game servers — sometimes with the exact same protocol, sometimes with game-specific variants.
How It Works
┌──────────┐ ┌──────────────┐
│ Admin │ │ Game Server │
│ (Client) │ │ (RCON Port) │
└─────┬─────┘ └──────┬───────┘
│ │
│ TCP connect to RCON port │
│─────────────────────────────────>│
│ │
│ SERVERDATA_AUTH (password) │
│─────────────────────────────────>│
│ │
│ AUTH_RESPONSE (success/fail) │
│<─────────────────────────────────│
│ │
│ SERVERDATA_EXECCOMMAND │
│ "say Hello everyone!" │
│─────────────────────────────────>│
│ │
│ RESPONSE_VALUE (output) │
│<─────────────────────────────────│
│ │
- Connect — Client opens a TCP connection to the RCON port
- Authenticate — Client sends the RCON password in a
SERVERDATA_AUTHpacket - Server responds — Success (ID match) or failure (ID = -1)
- Execute commands — Client sends
SERVERDATA_EXECCOMMANDpackets - Receive output — Server responds with command output
The connection stays open — you can send multiple commands without re-authenticating.
Source RCON Packet Format
The Valve Source RCON protocol uses a simple binary packet format over TCP:
| Field | Size | Description |
|---|---|---|
| Size | 4 bytes | Packet body size (excluding this field) |
| ID | 4 bytes | Request ID — server echoes this back |
| Type | 4 bytes | 3 = AUTH, 2 = EXECCOMMAND, 0 = RESPONSE |
| Body | variable | Null-terminated ASCII string |
| Pad | 1 byte | Empty null terminator |
Maximum packet size: 4096 bytes. If a response exceeds this, the server splits it across multiple packets.
Packet Types
| Type | Value | Direction | Purpose |
|---|---|---|---|
SERVERDATA_AUTH | 3 | Client → Server | Authenticate with RCON password |
SERVERDATA_AUTH_RESPONSE | 2 | Server → Client | Auth result (ID = -1 means failed) |
SERVERDATA_EXECCOMMAND | 2 | Client → Server | Execute a console command |
SERVERDATA_RESPONSE_VALUE | 0 | Server → Client | Command output |
RCON vs Other Remote Access Methods
| Method | Protocol | Auth | Use Case |
|---|---|---|---|
| RCON | TCP | Password | Game-specific commands (ban, kick, settings) |
| SSH | TCP | Key/Password | Full OS access, file management |
| SFTP | TCP | Key/Password | File transfer only |
| WebSocket Console | TCP/WS | JWT Token | Browser-based log streaming + commands |
On Reactor, you get all four: RCON for game commands, SFTP for file access, WebSocket console in your dashboard, and the game-specific admin tools.
Game-Specific RCON Implementations
Minecraft (Standard RCON)
Minecraft uses the Source RCON protocol with no modifications. Enable it in server.properties:
enable-rcon=true
rcon.port=25575
rcon.password=YourSecurePassword
Common Minecraft RCON commands:
say Hello everyone! # Broadcast message
whitelist add PlayerName # Add to whitelist
ban PlayerName # Ban a player
op PlayerName # Give operator permissions
difficulty hard # Change difficulty
gamerule keepInventory true # Change game rule
stop # Graceful shutdown
Rust (WebRCON)
Rust uses a WebSocket-based RCON variant, not the standard Source RCON protocol. It runs on the game port + 1 by default.
+rcon.web 1
+rcon.port 28016
+rcon.password "YourPassword"
Common Rust RCON commands:
say "Server restart in 5 minutes"
kick "PlayerName" "Reason"
ban "SteamID" "Reason"
server.save # Force world save
server.writecfg # Save config
oxide.reload PluginName # Reload Oxide plugin
inventory.give "item" amount # Give items
Tools for Rust WebRCON:
- RustAdmin — Desktop client
- Rust+ companion app — Official mobile app
- webrcon — Web-based client
ARK: Survival Evolved
ARK uses standard Source RCON on port 27020 (by default):
?RCONEnabled=True?RCONPort=27020?ServerAdminPassword=YourPassword
Common ARK RCON commands:
Broadcast Server maintenance in 10 minutes
KickPlayer <SteamID>
BanPlayer <SteamID>
SaveWorld
DestroyWildDinos # Clear all wild dinos
SetTimeOfDay 12:00
admincheat AddExperience 1000 0 0 # Give XP
Valheim
Valheim doesn't have traditional RCON. Server administration is done through:
- In-game console — Press F5 (must be admin)
- Server config files —
adminlist.txt,bannedlist.txt - BepInEx mods — RCON functionality via mods like ValheimPlus
7 Days to Die
Uses the Telnet protocol (not Source RCON) on port 8081 by default:
<!-- serverconfig.xml -->
<property name="TelnetEnabled" value="true"/>
<property name="TelnetPort" value="8081"/>
<property name="TelnetPassword" value="YourPassword"/>
Common 7DTD commands:
say "Server message"
kick PlayerName
ban add PlayerName
saveworld
shutdown
settime day
Palworld
Palworld uses standard Source RCON:
RCONEnabled=True
RCONPort=25575
AdminPassword=YourPassword
Common Palworld RCON commands:
Broadcast "Server message"
KickPlayer <SteamID>
BanPlayer <SteamID>
Save
Shutdown 300 "Server restarting in 5 minutes"
ShowPlayers
RCON Port Reference
| Game | RCON Port | Protocol | Notes |
|---|---|---|---|
| Minecraft | 25575 | Source RCON | Standard implementation |
| Rust | 28016 | WebSocket | WebRCON, not Source RCON |
| ARK | 27020 | Source RCON | Via ?RCONPort= launch param |
| Palworld | 25575 | Source RCON | Via RCONPort= in config |
| 7 Days to Die | 8081 | Telnet | Not Source RCON |
| DayZ | N/A | BattlEye RCON | Uses BattlEye protocol |
| SCUM | N/A | In-game only | No external RCON |
| Project Zomboid | N/A | In-game only | Admin via in-game console |
| Enshrouded | N/A | N/A | No RCON support yet |
| Satisfactory | N/A | N/A | In-game Server Manager only |
RCON Clients & Tools
Command Line
mcrcon (works with any Source RCON server):
# Install
brew install mcrcon # macOS
apt install mcrcon # Debian/Ubuntu
# Connect and run command
mcrcon -H your-server-ip -P 25575 -p YourPassword "say Hello"
# Interactive mode
mcrcon -H your-server-ip -P 25575 -p YourPassword
> say Hello
> whitelist list
> stop
Python
from mcrcon import MCRcon
with MCRcon("your-server-ip", "YourPassword", port=25575) as mcr:
response = mcr.command("say Hello from Python!")
print(response)
players = mcr.command("list")
print(f"Players: {players}")
Web-Based
- Reactor Dashboard — Built-in WebSocket console for all games
- Pterodactyl — Open-source game server panel
- AMP — CubeCoders game server manager
Security Best Practices
RCON gives full admin access to your game server. A compromised RCON password means an attacker can:
- Ban all players
- Destroy the game world
- Execute arbitrary server commands
- Access sensitive server data
Securing RCON
1. Use a strong, unique password
# Good: random, 16+ characters
RCON_PASSWORD=xK9#mP2$vQ7@nL4!
# Bad: dictionary words or short
RCON_PASSWORD=admin123
2. Restrict RCON to trusted IPs
If your game server supports it, bind RCON to localhost or a specific IP:
# Only allow connections from localhost
rcon.ip 127.0.0.1
3. Use a non-standard port
Bots scan for default RCON ports (25575, 27015, 28016). Using a random port reduces automated attacks:
rcon.port 41923 # Random high port
4. Never expose RCON to the public internet without protection
If you must expose RCON externally, put it behind:
- A VPN (WireGuard, Tailscale)
- An SSH tunnel (
ssh -L 25575:localhost:25575 your-server) - A firewall with IP whitelist
5. Monitor RCON access logs
Check your game server logs for failed authentication attempts:
# Look for failed RCON auth in server logs
grep -i "rcon" /path/to/server/logs/*.log
Reactor game servers have RCON passwords auto-generated with cryptographically secure randomness. The RCON port is exposed via NodePort but protected by the password and DDoS mitigation. You can also use the built-in WebSocket console in your dashboard — no RCON setup needed.
Troubleshooting RCON
"Connection refused"
- RCON is not enabled in the server config
- Wrong port number
- Firewall blocking the RCON port
"Authentication failed"
- Wrong password (check for trailing spaces or quotes)
- Some games require
AdminPasswordseparately fromRCONPassword - Password may be case-sensitive
"Command not recognized"
- Not all game commands work via RCON — some only work in-game
- Check if the command needs a prefix (ARK uses
admincheatfor some commands) - Verify the command syntax for your specific game version
Connection drops after a few seconds
- Some games have RCON idle timeouts — send periodic keepalives
- Check if your client handles TCP keepalive correctly
- Network firewall may be killing idle TCP connections
Related Guides
- Steam Query Protocol (A2S) — How Steam finds your server
- Server Management — Managing your Reactor server
Need help configuring RCON? Contact us or use the built-in console in your Reactor dashboard.