Updated on 2024-09-29 GMT+08:00

Binding a Key Pair

If you set the login mode to Password when purchasing an ECS running Linux, and you need to change the login mode to Key Pair, you can bind the key pair to the ECS on the KPS console, KPS will configure the key pair. After the key pair is bound, you can use the private key to log in to the ECS.

This section describes how to bind a key pair to an ECS on the KPS console.

Prerequisites

  • The ECS must be in the Running or Shut down state.
  • The ECS has not been bound to a key pair.
  • The ECS whose key pair is to be reset uses the public image provided by Huawei Cloud.
  • To bind to a key pair, you can write the public key of the user to the /root/.ssh/authorized_keys file on the server. Ensure that the file is not modified before binding to the key pair. Otherwise, the binding will fail.
  • The SSH port (22 by default) of the ECS security group must allow traffic from the 100.125.0.0/16 CIDR block in advance.

Constraints

  • On the management console, key pairs cannot be bound to ECSs that run Windows.
  • Key pairs cannot be bound to public images running CoreOS, OpenEuler, FreeBSD (Other), Kylin V10 64-bit, or UnionTech OS Server 20 Euler 64-bit.

Binding a Key Pair

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click . ChooseSecurity > Data Encryption Workshop.
  4. In the navigation pane on the left, click Key Pair Service.
  5. Click ECS List to view ECSs.
  6. Click Bind in the row of an ECS to open the Bind Key Pair dialog box.

    • If the ECS is shut down, a dialog box will be displayed, as shown in Figure 1.
      Figure 1 Binding a key pair (1)
    • If the ECS is running, you need to provide the root password, as shown in Figure 2.
      Figure 2 Binding a key pair (2)
      • If you have the root password of the ECS, you can directly enter the password to bind the key pair to the ECS.
      • If you do not have the root password of the ECS, you can shut down the ECS, and bind the key pair when the ECS is in Shut down state.

  7. Select a new key pair from the drop-down list box of New Key Pair.
  8. The default port number is 22 and can be modified.

  9. You can choose whether to disable the password login mode as necessary. By default, the password login mode is disabled.

    • If you do not disable the password login mode, you can use the password or the key pair to log in to the ECS.
    • If the password login mode is disabled, you can use only the key pair to log in to the ECS. If you need to use the password login mode later, you can enable the password login mode again. For details, see How Do I Enable the Password Login Mode for an ECS?.

  10. Read and select I have read and agree to the Key Pair Service Disclaimer.
  11. Click OK to complete the operation.

    • If the ECS is not shut down, use the root password to bind the key pair. It takes about 30 seconds to complete.
    • If the ECS is shut down, the binding operation may take about five minutes.