How to modify the RCON feature on your Garry’s Mod server

RCON (Remote Console) is the single most important admin tool on a Garry’s Mod server. It lets you authenticate to your server’s console from a remote machine and run any server command — kick a griefer, change the map, reload your config, or check who is connected — without needing physical access to the machine running srcds. Garry’s Mod runs on Valve’s Source engine, so it uses the standard Source RCON Protocol that every Source dedicated server shares.

This guide walks through every step: setting the RCON password in the right config file, connecting and issuing commands from an in-game client console, using external RCON tools over the network, and — most importantly — locking RCON down so nobody else can brute-force their way into your server. If you are standing up a fresh box, our managed Garry’s Mod hosting plans ship with the firewall and config layout already in place, but the steps below work on any SRCDS install.

What RCON Is and Why It Matters

RCON stands for Remote Console. It is a TCP-based protocol that lets an authenticated client send server console commands to a running game server. On Garry’s Mod the server listens on the same port it uses for game traffic — by default TCP/UDP 27015 — and external RCON tools speak the Source RCON Protocol over TCP on that port.

The flow is simple. The client sends a SERVERDATA_AUTH packet carrying your RCON password. If it matches, the server accepts subsequent command packets and returns their output. Anything you could type into the local server console you can run over RCON — status, changelevel, banid, exec, and so on. That power is exactly why the password needs to be strong and the port needs to be firewalled, which we cover at the end.

Step 1: Set the RCON Password in server.cfg

RCON is controlled by a single convar, rcon_password. Garry’s Mod stores its main server configuration at garrysmod/cfg/server.cfg, which is auto-executed every time the server starts. Open that file and add the password line:

// garrysmod/cfg/server.cfg
hostname "My Garry's Mod Server"
rcon_password "9xR2-vQ7t!mB4kZ"

Two things are critical here:

  • A blank or empty rcon_password disables RCON entirely. If you never set it, or you set it to "", no remote console connections are accepted at all. That is the safe default — RCON is off until you deliberately turn it on with a password.
  • Set a long, random value. The example above is illustrative; do not reuse it. We explain exactly why this matters in the security section.

Because server.cfg is executed on every server start, the password persists across restarts. If you change it while the server is running, either restart the server or run exec server.cfg from the local console to reload it. You can also set rcon_password live in the server console for a single session, but putting it in server.cfg is the standard approach.

Step 2: Connect and Issue Commands From a Client Console

The fastest way to use RCON is straight from the Garry’s Mod client while you are connected to your server. First make sure your in-game developer console is enabled — if you have not done that yet, see our walkthrough on enabling the developer console. Then open the console with the tilde key (~) and authenticate:

rcon_password 9xR2-vQ7t!mB4kZ

This tells your client which password to use for the server you are currently connected to. After authenticating, prefix any server command with rcon and it executes on the server instead of locally:

rcon status
rcon changelevel gm_flatgrass
rcon banid 0 3

Here is what each of those does:

  • rcon status — prints the server status, including every connected player’s userid (the leading #), name, and SteamID (e.g. STEAM_1:1:13967715). This is how you find the IDs you need for the other commands.
  • rcon changelevel gm_flatgrass — switches the active map. (You can also use map .) See changing the default map for the full rundown of map and gamemode parameters.
  • rcon banid 0 3 — bans the player whose userid is 3. The 0 means a permanent ban (any non-zero number is the ban length in minutes). For the complete ban/kick workflow, including persisting bans to disk, read our player banning guide.

Because RCON forwards to the real server console, every console command is available remotely. Common moderation examples:

RCON commandWhat it does
rcon statusList players with userid and SteamID
rcon changelevel gm_constructChange the active map
rcon banid 0 Permanently ban a player by userid
rcon banid 60 STEAM_1:1:13967715Ban a SteamID for 60 minutes
rcon kickid "reason"Kick a player without banning
rcon exec server.cfgReload the server config
rcon say "Restart in 5 minutes"Broadcast a message to all players

Step 3: Use an External RCON Tool

You do not have to be in the game to use RCON. Standalone RCON clients let you administer the server from a desktop app, a phone, a web panel, or a script — handy for scheduling restarts, automating moderation, or managing the server when you do not want to launch Garry’s Mod at all.

These tools all implement the Source RCON Protocol, which runs over TCP on the server’s game port (default 27015). Connecting requires three pieces of information:

  • Host / IP — your server’s public IP address.
  • Port27015 unless you changed it.
  • Password — the value you set for rcon_password in server.cfg.

Under the hood the tool first sends a SERVERDATA_AUTH packet carrying the RCON password. No command will be accepted until that authentication packet succeeds. Once authenticated, you type commands without the rcon prefix that the in-game client requires — the external tool sends them directly as command packets. For example, you would type status or changelevel gm_flatgrass, and the tool returns the server’s response.

Any compliant Source RCON client works with Garry’s Mod because the protocol is identical across Source engine games. Pick whichever fits your workflow — desktop, web, CLI, or library — and point it at your IP, port 27015, and password.

Step 4: Secure Your RCON

RCON is full administrative control over your server. The Source RCON Protocol authenticates in plaintext and offers no built-in rate limiting, which means a weak password is genuinely brute-forceable by anyone who can reach the port. Treat RCON the way you would treat an SSH login.

Use a long, random password

Set a password of at least 12 characters mixing upper- and lower-case letters, numbers, and symbols. Avoid dictionary words, your server name, or anything guessable. Because authentication is plaintext and brute-forceable, length and randomness are your main defense:

rcon_password "kP9$wt2Lq!Z7vXr4mC8e"

Firewall the RCON port

The strongest control is network-level. Restrict TCP/27015 at the firewall so only trusted IP addresses can connect to RCON. If you and your admins always connect from known IPs, allow-list only those and drop everything else. This way, even if your password leaked, an attacker still could not reach the RCON listener.

Never publish your password

Never commit rcon_password to a public Git repository, paste it into a Workshop config, or share it in a Discord channel. If you distribute config files for your server, strip the RCON line first. If a password is ever exposed, change it immediately in server.cfg and reload the config.

Security measureWhy it matters
12+ char random passwordAuth is plaintext and brute-forceable
Firewall TCP/27015 to trusted IPsBlocks attackers even if the password leaks
Keep the password out of public configsPrevents accidental disclosure
Blank rcon_password = RCON offDisable RCON entirely when not needed

Where RCON Fits With Admin Mods

RCON gives you raw vanilla console access, which is perfect for one-off commands, automation, and emergency control. For day-to-day moderation, most production servers layer an admin addon such as ULX (with its ULib dependency) or SAM on top, giving in-game chat commands and a menu UI. The two approaches complement each other: admin mods handle live in-game moderation by trusted staff, while RCON handles remote and automated administration. You will still reach for RCON to reload configs, change maps from a script, or regain control when something goes wrong.

If you are configuring a new server end to end, our Garry’s Mod setup documentation covers the full launch line, gamemodes, and Workshop collections alongside RCON. And once RCON is working, it pairs naturally with the rest of your admin toolkit — for example connecting server-side Lua to a database with MySQLoo for persistent storage.

Frequently Asked Questions

Which file holds the RCON password in Garry’s Mod?

Set rcon_password "" in garrysmod/cfg/server.cfg. That file is auto-executed every time the server starts, so the password persists across restarts. Leaving rcon_password blank or empty disables RCON completely.

How do I run a command over RCON from inside the game?

Open the developer console, authenticate with rcon_password , then prefix any server command with rcon — for example rcon status, rcon changelevel gm_flatgrass, or rcon banid 0 . The command runs on the server and returns its output to your console.

What port does Source RCON use?

External RCON tools connect over the Source RCON Protocol on TCP, using the server’s game port — 27015 by default. Authentication is handled by a SERVERDATA_AUTH packet carrying your rcon_password before any command is accepted.

Is RCON safe to leave enabled?

It is safe if you protect it. Use a long random password (12+ characters with mixed letters, numbers, and symbols) because the protocol authenticates in plaintext and is brute-forceable. Restrict TCP/27015 at the firewall to trusted IPs, and never publish your password in a public config or Git repo.

How do I find a player’s userid for an RCON ban?

Run rcon status (or status in the local console). The output lists each player’s userid as the leading #, along with their name and SteamID such as STEAM_1:1:13967715. Use the userid with banid/kickid, or the SteamID for a persistent ban.

Can I disable RCON without removing it?

Yes. Setting rcon_password to a blank/empty value disables RCON entirely — the server will not accept any remote console connections. This is the default state until you assign a password.

Ready to play?

Run your own Garry's Mod server with XGamingServer

Spin up an always-on Garry's Mod server your friends can join in minutes — no port-forwarding, no tech headaches.

99.9%Uptime SLA
< 5 minInstant setup
24/7Human support
DDoSProtected
Instant setup Your server is live in minutes with a one-click control panel.
Mods & plugins Install mods, plugins and workshop content in a few clicks.
DDoS protected Enterprise DDoS mitigation keeps your server online 24/7.
Low-latency hardware Premium CPUs & NVMe SSDs for lag-free multiplayer.
Free backups Automatic backups so your world is never lost.
Real human support Gamers helping gamers — 24/7, no bots, no scripts.

Pick your Garry's Mod plan & play in minutes

See all plans
Starter $8.40/mo 4 GB RAM Renews $12/mo Buy now
Rookie $17.50/mo 8 GB RAM Renews $25/mo Buy now
Pro $24.50/mo 12 GB RAM Renews $35/mo Buy now