Updated on 2025-03-13 GMT+08:00

Obtaining the Password for Logging In to a Windows ECS

Scenarios

Password authentication is required to log in to a Windows ECS. You must use the key file used when you created the ECS to obtain the administrator password generated during ECS creation. The administrator user is Administrator or the user configured using Cloudbase-Init. This password is randomly generated, offering high security.

You can obtain the initial password for logging in to a Windows ECS through the management console or APIs. For details, see this section.

Prerequisites

You have obtained the private key file (.pem file) which was generated during the ECS creation.

When you selected the key pair login mode during the ECS creation, a private key file (.pem file) was generated during the creation of the key pair. For details about how to create and use a key pair, see Application Scenarios for Using Key Pairs.

If the private key file is lost, you can reset a key pair and bind it to the ECS. If you select I agree to host the private key of the key pair, you can export the managed private key as required. For details, see Exporting a Private Key.

Obtaining the Password Through the Management Console

  1. Obtain the private key file (.pem file) used when you created the ECS.
  2. Log in to the management console.
  3. Click in the upper left corner and select your region and project.
  4. Click . Under Compute, click Elastic Cloud Server.
  5. On the Elastic Cloud Server page, select the target ECS.
  6. In the Operation column, click More and select Get Password.
    Figure 1 Obtaining a password

    If Get Password is not displayed, the one-click password reset plug-in may not be installed.

    In this case, you can reset the password by referring to Resetting the Password for Logging In to a Windows ECS Without the Password Reset Plug-in Installed.

  7. Use either of the following methods to obtain the password through the key file:
    • Click Select File and upload the key file from a local directory.
    • Copy the key file content to the text field.
  8. Click Get Password to obtain a random password.

Obtaining the Password Through APIs

  1. Obtain the private key file (.pem file) used when you created the ECS.
  2. Set up the API calling environment.
  3. Call APIs. For details, see "Before You Start" in the Elastic Cloud Server API Reference.
  4. Obtain the ciphertext password.

    Call the password obtaining APIs to obtain the ciphertext password of the public key encrypted using RSA. The API URI is in the format "GET /v2/{project_id}/servers/{server_id}/os-server-password".

    For details, see "Obtaining the Password for Logging In to an ECS" in the Elastic Cloud Server API Reference.

  5. Decrypt the ciphertext password.

    Use the private key file used when you created the ECS to decrypt the ciphertext password obtained in step 4.

    1. Run the following command to convert the ciphertext password format to ".key -nocrypt" using OpenSSL:

      openssl pkcs8 -topk8 -inform PEM -outform DER -in rsa_pem.key -out pkcs8_der.key -nocrypt

    2. Invoke the Java class library org.bouncycastle.jce.provider.BouncyCastleProvider and use the key file to edit the code decryption ciphertext.