Managing Login Credentials (Usernames/Passwords/Key Pairs)

Background

After creating an ECS, you can log in to it as the default user or a created user, or connect to it using a password or key pair.

Prerequisites

An ECS already has an EIP bound. For details, see Binding an EIP.

Managing Passwords

When creating an ECS, set the login mode to Password or Set password later.

Figure 1 Setting the login mode to the password

Figure 2 Setting the password later

• Resetting a password:

  If no password was set for the ECS or you forgot the password, reset the password by referring to Overview of Password Reset, Online Password Reset (without restarting the ECS), or Offline Password Reset (with the need to restart the ECS).

  1. An ECS does not have a default password. If no password was set during ECS creation or you forgot the password after creating it, reset the password.
  2. If the image used to create the ECS does not have the UniAgent installed, you cannot reset the password online (without restarting the ECS). You can only reset the password offline (with the need to restart the ECS).
• Changing a password:

  If the password is known and needs to be changed, do as follows:

  • Online password reset: If the UniAgent plug-in has been installed on the ECS, you can reset the password online. If the reset fails or the UniAgent is not installed, manually change the password.
  • Manually changing a password:
    • Linux:
      1. Log in to the Linux ECS by referring to Login Overview (Linux).
      2. Run the following command (replace username with the target username), enter the new password as prompted, press Enter, and enter the new password again:

         sudo passwd <username>

         For security purposes, the entered password is hidden.

         If information similar to the figure below is displayed, the password is changed successfully.

         

    • Windows (Windows Server 2022 is used as an example):
      1. Log in to the Windows ECS by referring to Login Overview (Windows).
      2. Click , select Windows System, and click Run.

         

      3. Enter compmgmt.msc and click OK.

         

      4. In the navigation pane, choose Computer Management (Local) > System Tools > Local Users and Groups > Users.

         

      5. Right-click the user whose password needs to be changed (for example, Administrator) and choose Set Password... from the shortcut menu.

         

      6. In the Set Password for Administrator dialog box, click Proceed.

         

      7. Enter a new password, confirm it, and click OK.

         For better security, you are advised to set a strong password (contains more than eight characters, including uppercase letters, lowercase letters, digits, and special characters). Keep the new password secure.

         

      8. If the password is changed successfully, the Local Users and Groups dialog box is displayed, indicating that the password has been set.

         

Managing Key Pairs

When purchasing an ECS, set Login Mode to Key Pair.

A key pair consists of a public key and a private key. The public key is stored in the ECS, and the private key is kept by yourself. When logging in to an ECS, you must provide a private key for login authentication.

• Create a key pair using either of the following methods:

  Method 1: Create a key pair on the management console by referring to (Recommended) Creating a Key Pair on the Management Console.

  Method 2: Create a key pair locally.

  • Windows: Create a key pair using PuTTY Key Generator and import it to the management console. For details, see Creating a Key Pair Using PuTTY Key Generator and Importing a Key Pair.
  • Linux/MacOS:
    1. Run the following command to extract the public key from the private key file:

       ssh-keygen -y -f <private-key-file>

       

    2. Import the key pair. For details, see Importing a Key Pair.

       The public key to be imported is the one you obtained in the previous step.

• Replace the key pair if the private key is disclosed. For details, see Replacing a Key Pair.
• Unbind the key pair if you want to change the login mode from Key Pair to Password. For details, see Unbinding a Key Pair.
• Delete the key pair if it is no longer used. For details, see Deleting a Key Pair.

Remotely Logging In to an ECS Using a Created User

If you want to configure multi-user logins for ECSs, perform the following operations to create users and enable remote login:

• Windows:

  By default, a Windows ECS allows two users to remotely log in to it using RDP. To enable more users to log in to a Windows ECS at the same time, enable the remote desktop service. For details, see How Do I Configure Multi-User Logins for an ECS Running Windows Server 2012?

  1. Connect to the Windows ECS using a suitable login mode. For details, see Login Overview (Windows).
  2. Click to open Control Panel.

     

  3. Click Control Panel.

     

  4. In the Control Panel window, click Change account type under User Accounts.

     

  5. Click Add a user account.

     

  6. In the User name text box, enter the new user name (for example, new_user).

     In the Password and Confirm password text boxes, enter the password. The two passwords must be the same. Keep the password secure.

     In the Password hint text box, enter the password hint as needed.

     After all the preceding parameters are set, click Next.

     

  7. Click Finish.

     

     The added user is displayed in the Manage Accounts window.

     

  8. Enter Computer Management in the search box and click Computer Management.

     

  9. In the navigation tree on the left, choose Computer Management (Local) > System Tools > Local Users and Groups > Groups, and double-click Remote Desktop Users.

     

  10. Click Add.... In the displayed dialog box, enter the created username in the Enter the object names to select (example) text box, and click Check Names. The object name in the Hostname\Username format is automatically filled. Click OK.

      

  11. Return to the Remote Desktop Users Properties window. The created user is displayed in the Members area. Click Apply to save the settings and then click OK.

      

  12. Verify that the created user can be used to log in to the ECS.

      On the login page, select the created user in the lower left corner, enter the password specified during user creation, and press Enter. The created user can be used to log in to the system.

      

• Linux:
  1. Connect to the Linux ECS using a suitable login mode. For details, see Login Overview (Linux).
  2. Create a user.
     1. Run the command below to create a user. <username> indicates the username to be created.

        sudo useradd -m <username>

     2. Run the following command to check whether the user has been created:

        groups <username>

        

  3. Set a key pair for the user as needed.
     1. Prepare the key pair.

        If you use your own key pair, you need to store public key id_rsa.pub in the Linux ECS. You can use the private key file id_rsa to log in to the Linux ECS.

        If no key pair is available, run the command below and keep pressing Enter until a 2,048-bit RSA key pair is generated. Public key id_rsa.pub and private key id_rsa are generated in the current path.

        ssh-keygen -t rsa -b 2048 -f "./id_rsa"

        Figure 3 Generating an RSA key pair
        
        Figure 4 Key pair file
        
     2. Configure the public key in the authorized_keys file.

        Copy the content of the public key file to the .ssh/authorized_keys file in the user root directory of the ECS. You can use a file transfer tool, such as Xftp, to upload the file.

        1. Run the following command to create the .ssh folder in the user directory:

           sudo mkdir /home/<username>/.ssh

        2. Create the authorized_keys file in the .ssh directory and copy the content of the public key file generated or prepared in step 3.a to this file. You can use the vim editor to create and modify the file.

           sudo vim /home/<username>/.ssh/authorized_keys

        3. Change the permissions on the .ssh directory and the authorized_keys file.

           sudo chown -R <username>:<username> /home/<username>/.ssh
           sudo chmod 700 /home/<username>/.ssh 
           sudo chmod 600 /home/<username>/.ssh/authorized_keys

           

        4. Run vim commands to open the /etc/ssh/sshd_config file and enter insert mode. Set both PubkeyAuthentication and RSAAuthentication to yes. RSAAuthentication is optional and seldom used. The value yes indicates that RSA authentication is enabled.

           PubkeyAuthentication yes
           RSAAuthentication yes

           When setting the preceding parameters, you can search for the parameter names first. As shown in the following figure, you only need to uncomment the line (delete #) that contains the target parameter.

           

        5. Run the following command to restart sshd to apply the configuration:

           sudo systemctl restart sshd

           Run the following command to check the status of the sshd service and ensure that the service has been restarted:

           sudo systemctl status sshd

           

           

           • The SSH service name of some OSs is ssh, not sshd. You can run the command as need.
           • If you are connecting to the ECS using SSH, restarting the SSH service may interrupt the connection. Wait until the service is restarted and then reconnect to the ECS. If the service fails to be restarted, you are advised to log in to the ECS using VNC for troubleshooting.
        6. Remotely log in to the ECS using the created user. For details, see Logging In to a Linux ECS Using an SSH Key Pair.
  4. Set a password for the created user as needed.
     1. Run the following command (replace username with the target username), enter the new password as prompted, press Enter, and enter the new password again:

        sudo passwd <username>

        For security purposes, the entered password is hidden.

     2. If information similar to the figure below is displayed, the password is changed successfully.

        

     3. Remotely log in to the ECS using the created user. For details, see Logging In to a Linux ECS Using an SSH Password.

FAQs

1. What is the default username for logging in to an ECS?
   • Linux ECSs: The default username is root. If you have set a username when creating the ECS, the default username is the one you set.
   • Windows ECSs: The default username is Administrator.
2. What are the default password, initial password, and remote login password of an ECS?

   Huawei Cloud does not set an initial or default password for an ECS, nor does it save the password you set. Keep your password secure. If no password was set during ECS creation or you forgot the password, reset the password by referring to Overview of Password Reset.

3. Why does the online password reset fail?

   Generally, the cause is that the security software on the ECS intercepted the password change command. In this case, you are advised to reset the password offline by referring to Offline Password Reset.

4. Can I use both SSH key pair and password to log in to a Linux ECS?

   Yes. You can modify the SSH service configuration file /etc/ssh/sshd_config to enable two login modes. After the modification, restart the SSH service.

   • SSH key pair authentication (recommended, high security): You can set PubkeyAuthentication to yes to enable SSH key pair authentication.
   • SSH password authentication (not recommended, low security): You can set PasswordAuthentication to yes to enable SSH password authentication.