Help Center/ Data Encryption Workshop/ FAQs/ KPS Related/ How Do I Handle the Failure in Binding a Key Pair?
Updated on 2024-06-12 GMT+08:00

How Do I Handle the Failure in Binding a Key Pair?

Symptom

Failed to bind the key pair to the ECS.

  • The Failed Key Pair Task dialog box only records and displays failed key pair operations on ECSs, which do not affect the ECS status and subsequent operations. You can click Delete in the row of the failure record to delete it, or you can click Delete All to delete all failure records.
  • Click Learn more to view related documents.

Possible Causes

  • An incorrect or invalid password has been provided.
  • The permission or owner group of the public key file has been changed.
  • SSH configuration of the ECS has been modified.
  • The inbound direction of port 22 of the ECS security group is not open to 100.125.0.0/16.
  • The ECS has been shut down, started, or a disk has been detached during the process of binding the key pair to the ECS.
  • The network connection is faulty.
  • Firewall rules have been configured for the ECS.

Handling Procedure

  1. Check the ECS status.

    • If it is running, go to Step 2.
    • If it is shut down, go to Step 5.

  2. Use the password to log in to the ECS to check whether the password is correct.

    • If it is correct, go to Step 4.
    • If it is incorrect, use the correct password to bind the key pair again.

  3. Check whether the permission path and owner group of the /root/.ssh/authorized_keys file on the ECS have been modified.

    • If yes, restore the permission to the following:
      • The owner group of each level has the root:root permission.
      • The permission for the .ssh file is 700.
      • The permission for authorized_keys is 600.
    • If no, go to Step 4.

  4. Check whether the /root/.ssh/authorized_keys file of the ECS has been modified.

    • If yes, restore the original content of the /root/.ssh/authorized_keys file based on the site requirements.
    • If no, go to Step 5.

  5. Check whether the inbound direction of port 22 of the ECS security group is open to 100.125.0.0/16. That is, 100.125.0.0/16 can remotely connect to Linux ECSs through SSH.

    • If yes, go to Step 6.
    • If no, add the following security group rule and bind the key pair again. For details about how to add a security group, see Adding a Security Group Rule.

      Direction

      Protocol/Application

      Port

      Source

      Inbound

      SSH (22)

      22

      100.125.0.0/16

  6. Check whether the ECS can be powered on, shut down, and logged in to.

    • If yes, bind the key pair again.
    • If no, go to Step 7.

  7. Check whether the network is faulty.

    • If yes, contact technical support to check and locate the fault.
    • If no, bind the key pair again.