Replacing a Key Pair

If your private key is leaked, you can use a new key pair to replace the public key of the ECS through the management console. After replacing the key pair, you need to use the private key of the new key pair to log in to the ECS, and the original private key cannot be used to log in to the ECS.

This section describes how to replace a key pair on the KPS console.

Prerequisites

The ECS whose key pair is to be replaced uses the public image provided by Huawei Cloud.
To replace the key pair, you can replace the public key of the user by modifying the /root/.ssh/authorized_keys file on the server. Ensure that the file is not modified before replacing the key pair. Otherwise, replacing the public key will fail.
The ECS must be in the Running state.

Procedure

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click . Choose Security & Compliance > Data Encryption Workshop.
In the navigation pane on the left, click Key Pair Service.
Click the ECS List tab.
Click Replace in the row of an ECS. Set parameters in the dialog box that is displayed.

Figure 1 Replacing a key pair
Select a new key pair from the drop-down list box of New Key Pair.
Click Select File to upload the private key (in .pem format) of the original key pair or copy the private key content to the text box.

The private key to be uploaded or copied to the text box must be in the .pem format. If it is in the .ppk format, convert it by referring to How Do I Convert the Format of a Private Key File?
Select I have read and agree to the Key Pair Service Disclaimer.
Click OK. The key pair will be replaced from the ECS in about one minute.