Short, technical, and practical. This explains why the RCON password is often hard to find in AMP running inside Docker, what to check, and how to use the command you mentioned to inspect the running Rust process.
When AMP runs in Docker it often masks or hides sensitive values (passwords) from the UI and the process arguments you see in a control panel. Common realities:
You gave:
docker exec -it <YOUR_CONTAINER_ID> /bin/sh -c "ps aux | grep RustDedicated"
Use /proc/<pid>/cmdline to avoid truncated/colored output and to see full arguments:
# inside container
pid=$(pgrep -f RustDedicated)
tr '\0' ' ' < /proc/$pid/cmdline && echo
One-liner from host:
docker exec -it AMP_Rust01 sh -c 'pid=$(pgrep -f RustDedicated) && tr "\0" " " < /proc/$pid/cmdline && echo'
Why this matters: /proc/<pid>/cmdline shows the exact argv passed to the process. If the real RCON password is on the Rust command line, you’ll see it here. If it shows ******, AM P or startup wrapper masked it earlier — you'll need to change it via config or set a new one.
Actions:
Install mcrcon or another RCON client and run:
mcrcon -H <server-ip> -P <rcon-port> -p 'YourPassword' "status"
Problem summary
When AMP runs in Docker it often masks or hides sensitive values (passwords) from the UI and the process arguments you see in a control panel. Common realities:
- AMP may show +rcon.password "******" in the UI or in its saved command line — the asterisks are masking, not the real value.
- AMP can store the real command-line in an internal DB or Config.json, or it might pass the password via environment variable or a secure token — not always visible in plain files.
- Panels sometimes shell out a wrapper script that replaces the real password with ****** when displaying to users.
- Therefore you may need to inspect the actual running process or the instance files to confirm the real value or to set a new one.
Quick checklist (most common places to find / change RCON)
- AMP Instance CommandLine (AMP UI → Instance → Command Line Manager) — view/edit here, but UI may mask.
- Instance Config file (on disk) — Instances/<Name>/Config.json or similar; look for CommandLine.
- server.cfg (game side): server/my_server_identity/cfg/server.cfg — you can add rcon.password "newpass".
- Running process arguments (inspect /proc/<pid>/cmdline) — often shows the real +rcon.password if passed to Rust.
- AMP “Service Login” / Passthrough token — alternative to using game password; visible only once when created.
Use this Docker command to inspect the running Rust process
You gave:
docker exec -it <YOUR_CONTAINER_ID> /bin/sh -c "ps aux | grep RustDedicated"
What it does
- docker exec -it
<YOUR_CONTAINER_ID>
→ open a shell in the AMP_Rust01 container. - /bin/sh -c "ps aux | grep RustDedicated" → run ps aux and filter lines containing RustDedicated.
- This helps find PID(s) and the full process line (sometimes includes the real +rcon.password).
More reliable variant (prints the exact command line)
Use /proc/<pid>/cmdline to avoid truncated/colored output and to see full arguments:
# inside container
pid=$(pgrep -f RustDedicated)
tr '\0' ' ' < /proc/$pid/cmdline && echo
One-liner from host:
docker exec -it AMP_Rust01 sh -c 'pid=$(pgrep -f RustDedicated) && tr "\0" " " < /proc/$pid/cmdline && echo'
Why this matters: /proc/<pid>/cmdline shows the exact argv passed to the process. If the real RCON password is on the Rust command line, you’ll see it here. If it shows ******, AM P or startup wrapper masked it earlier — you'll need to change it via config or set a new one.
If you find +rcon.password "******" (masked)
Actions:
- Don't assume it's the real password. Test it (see below).
- Set a known passwordto remove doubt:
- Edit server.cfg (recommended):
rcon.password "NewStrongPass123!"
rcon.port 5678
Save & restart the Rust instance. - Or edit the AMP instance CommandLine (Command Line Manager) to include +rcon.password "NewStrongPass123!" and restart the instance.
- Edit server.cfg (recommended):
How to test RCON quickly
Install mcrcon or another RCON client and run:
mcrcon -H <server-ip> -P <rcon-port> -p 'YourPassword' "status"
- status should return server info if the password is correct.
- If you get auth failed, the password is wrong.
If you still can’t see or change the password
- AMP might store the real password encrypted in its datastore. In that case:
- Best: set a new password via server.cfg or AMP CommandLine and restart.
- Alternative: create an AMP Service Login (passthrough token) to connect via RCON without the game password.
Extra tips & gotchas
- After editing server.cfg, run server.writecfg (console) and restart the Rust process to guarantee the change.
- If AMP is running a wrapper script that launches Rust, the wrapper may inject the password from another place; check Instances/<Name>/Files and Config.json.
- If the running process shows the real password in /proc/<pid>/cmdline, treat it as secret and rotate it if it leaked.
- Firewall: verify RCON port is reachable from where you test (local vs remote).
- For Docker: if Rust runs in a separate container from AMP, inspect the game container instead.
Example workflow (fast)
- Inspect process (inside container):
docker exec -it AMP_Rust01 sh -c 'pid=$(pgrep -f RustDedicated); tr "\0" " " < /proc/$pid/cmdline && echo' - If password not found or masked → set known password:
# edit server.cfg or AMP CommandLine: add rcon.password "NewPass" - Restart instance (via AMP UI or docker restart AMP_Rust01).