Bind a Key Pair to an Instance
<p>This article describes how to bind a key pair to an ECS instance.</p>
<p><strong>Restriction</strong></p>
<p>1.After a key pair is bound to an ECS instance, the original login password would become invalid.</p>
<p>2.A Linux instance can be bound with one SSH key pair only.</p>
<p>3.A SSH key pair can be bound to multiple instances.</p>
<p><strong>Prerequisites</strong></p>
<p>You have created a custom login password, or created ECS instances for Linux OS with password as login method. For more information, see Create an Instance.</p>
<p><strong>Procedures</strong></p>
<p>1.Log in to the <a href="#https://yun.pingan.com/console/ecs/overview" target="_blank">ECS Console</a>.</p>
<p>2.In the left navigation pane, click <strong>Keys</strong> to enter the <strong>Keys</strong> page.</p>
<p>3.Select the target region, and in the operation column of the target key pair click <strong>Binding</strong>.</p>
<p>4.In the <strong>Binding</strong> that opens , check the target ECS instance and click <strong>Confirm</strong>.</p>
<p>5.In the <strong>Verification Code</strong> dialog box that opens, enter the verification code.</p>
<p>6.Click <strong>Confirm</strong>.</p>
<p><strong>Note</strong>: After the keys are bound to the ECS instance, a .pem-format private key will be downloaded and please keep it properly.</p>
<p><strong>Result</strong></p>
<p>After the binding is completed, the number under <strong>Binded Instances</strong> of the target key pair will be updated. Click the number, you can enter the <strong>Instance Management</strong> page to view the instance bound with the key pair.</p>
<p> </p>
<p><strong>Relevant Procedures</strong></p>
<p>Connect a key pair to a Linux instance to which the pair is bound.</p>
<p><strong>Prerequisites</strong></p>
<p>1.You have created ECS instances successfully. For more information, see Create a Linux Instance.</p>
<p>2.The key pair can be downloaded for once. Keep it properly. To download it again, you need to unbind it from the ECS instance to generate a new pair.</p>
<p>3.The private key is in the PKCS#8 format encoded with the unencrypted PEM (Privacy-enhanced Electronic Mail)</p>
<p><strong>Windows Operating System</strong></p>
<p><strong>Example 1: Connection with PuTTY</strong></p>
<p>Procedures</p>
<p><strong>1. </strong><strong>Create Keys</strong></p>
<p>(1) Log in to the ECS Console.</p>
<p>(2) In the left navigation pane, click <strong>Keys</strong> to enter the <strong>Keys</strong> page.</p>
<p>(3) In the upper-right corner, click <strong>Create</strong>, and the <strong>Create Key</strong> dialog box will open.</p>
<p>(4) Enter description, select create way and click <strong>Confirm</strong>.</p>
<p>(5) The .pem-format private key will be downloaded to your computer.</p>
<p><strong>Note</strong></p>
<ul>
<li>After you click confirm, the private key will be downloaded to the local immediately. Ping An Cloud will not keep it, and it cannot be downloaded again. Please keep it properly.</li>
<li>When the key pair is bound to an ECS instance, even with a username and password, you still cannot log in to the instance without the private key.</li>
</ul>
<p><strong>2. </strong><strong>Bind Keys to Instances</strong></p>
<p>(1) Log in to the ECS Console.</p>
<p>(2) In the left navigation pane, click <strong>Keys</strong> to enter the <strong>Keys</strong> page.</p>
<p>(3) In the operation column of the target key, click <strong>Binding</strong> i, and the <strong>Binding </strong>dialog box will open.</p>
<p>(4) Select the target instance, and click <strong>Confirm</strong>.</p>
<p>(5) In the <strong>Verification Code</strong> dialog box that opens, enter the verification code, and click<strong> Confirm</strong> to complete the binding operation.</p>
<p><strong>3. </strong><strong>Convert Key Pair Format</strong></p>
<p>(1) Double click to open PuTTYgen.</p>
<p>(2) In the <strong>Actions</strong> section, click <strong>Load</strong>, import the generated key pair file, and then select <strong>All files (*.*) </strong>as the importing format.</p>
<p>(3) Click <strong>Save private key</strong>.</p>
<p>(4) In the warning dialog box that opens, select the directory for storing the keys and enter key name.ppk behind the file name. For example, save EC-YD60002.pem private key as EC-YD60002.ppk key.</p>
<p><strong>4. </strong><strong>Connect to Linux Instance</strong></p>
<p>(1) Double click to open PuTTY.</p>
<p>(2) Click Connection > SSH > Auth.</p>
<p>(3) Click <strong>Browse,</strong> and in the dialog box that opens select the storage directory for the key.</p>
<p>(4) Select the target key, click <strong>Open</strong> and upload the key that has been converted into .ppk format.</p>
<p>(5) Click <strong>Session</strong> to configure the following information:</p>
<ul>
<li>Host Name (or IP address): Enter the Internet IP of the ECS instance.</li>
<li>Connection type: SSH is selected by default.</li>
<li>Saved Session (optional): You may enter an easy-to-identify name, so that next time you can enter the login page directly without entering information again. Click <strong>Save</strong>.</li>
</ul>
<p>(6) Click <strong>Open</strong>.</p>
<p><strong>5. </strong>Verification succeeded and you will log in to the Linux instance.</p>
<p><strong>Example 2: Connection with Xshell</strong></p>
<p>Procedures</p>
<p>1. Double click to open Xshell.</p>
<p>2. Click <strong>Tools</strong> > <strong>User Key Manager</strong> <strong>(U).</strong></p>
<p>3. In the <strong>User Keys</strong> dialog box that opens, select the pem file saved before and click <strong>Import</strong>.</p>
<p>4. In the <strong>Connection </strong>area, create a new connection, enter name, protocol, IP and port number 22.</p>
<p>5. Click <strong>User Identity Authentication</strong> to configure the following information:</p>
<ul>
<li>Method(M): Select Public Key.</li>
<li>Username(U): Enter root.</li>
<li>User key(K): Select the imported pem key.</li>
</ul>
<p>6. In the <strong>SSH Security Warning</strong> dialog box that opens, click <strong>Accept and Save</strong>.</p>
<p><strong>Linux Operating System Client</strong></p>
<p>If your uses a Linux operating system client, you can name the key with the following steps.</p>
<p>1. Change authorization with so that only the owner can read the private key by executing</p>
<p>chmod 400<the storage directory of the private key bound to the ECS instance></p>
<p>For example, chmod 400 / Downloads/ EC-YD60002.pem</p>
<p>2. Execute the following command for remote login.</p>
<p>ssh -i <the storage directory of the private key bound to the ECS instance> root@ <IP address></p>
<p>For example: ssh -i / Downloads/ EC-YD60002.pem root@101.xxx.xxx.xxx</p>
Did the above content solve your problem?
Yes
No
Submitted successfully! Thank you for your feedback, we will try our best to do better and better!