Help Center/ Data Encryption Workshop/ Getting Started/ Binding a Key Pair and Logging In to an ECS Using a Private Key
Updated on 2024-11-29 GMT+08:00

Binding a Key Pair and Logging In to an ECS Using a Private Key

A key pair, including one public key and one private key, are generated based on a cryptographic algorithm. The public key is automatically saved in Key Pair Service (KPS), while the private key can be saved to the user's local host. If you have configured the public key in a Linux ECS, you can use the private key to log in to the ECS for better security.

This section describes how to bind a key pair and log in to an ECS using a private key.

Procedure

The following uses an SSH_RSA_2048 key pair as an example to describe how to create a key pair and use the key to log in to an ECS. The following figure shows the process.

Figure 1 Creating a key pair and using it to log in to an ECS

Procedure

Description

Preparations

Register a Huawei ID, enable Huawei Cloud services, top up the account, and grant KPS permissions to the account.

Step 1: Creating a Key Pair

Create a key pair and select the key pair type.

Bind a key pair to the ECS.

Step 3: Logging in to an ECS Using a Private Key

After the key pair is bound, use the private key to log in to the ECS.

Preparations

  1. Before creating key pair, register a Huawei Cloud account and enable Huawei Cloud services. For details, see Signing up for a Huawei ID and Enabling Huawei Cloud Services and Real-Name Authentication.

    If you have enabled Huawei Cloud services and completed real-name authentication, skip this step.

  2. An ECS has been created. For details, see Purchasing a Custom ECS.

    The SSH port (22 by default) of the ECS security group must allow traffic from the 100.125.0.0/16 CIDR block in advance. For details about ports and CIDR blocks, see Enhancing Security for SSH Logins to Linux ECSs.

  3. You have created an encryption key on KMS.
    • The default key is kps/default.
    • Select the custom keys created on KMS. For details, see Creating a Key.

Step 1: Creating a Key Pair

  1. Log in to the management console. Click on the left and choose Security & Compliance > Data Encryption Workshop.
  2. In the navigation pane on the left, choose Key Pair Service. Click the Private Key Pairs tab and click Create Key Pair in the upper left corner.
  3. Configure the parameters as follows:
    • Type: Choose SSH_RSA_2048.
    • Select I agree to manage the private key of the key pair.
    • KMS Encryption Key: Choose the default key or a created key from the list.
    • Select I have read and agree to the Key Pair Service Disclaimer.
  4. Click OK. The private key file is downloaded automatically. When a message is displayed, indicating that the download is complete, save the private key file.
  1. Log in to the management console. Click on the left and choose Security & Compliance > Data Encryption Workshop.
  2. In the navigation pane on the left, choose Key Pair Service. In the ECS List tab, locate the target ECS in the Shut down state, and click Bind in the Operation column.
  3. Configure the parameters as follows:
    • New Key Pair: Choose the target key pair from the drop-down list.
    • Select Disable the password login mode.
    • Select I have read and agree to the Key Pair Service Disclaimer.
  4. Click OK.
  1. Log in to the management console. Click on the left and choose Security & Compliance > Data Encryption Workshop.
  2. In the navigation pane on the left, choose Key Pair Service. In the ECS List tab, locate the target ECS in the Running state, and click Bind in the Operation column.
  3. Configure the parameters as follows:
    • New Key Pair: Choose the target key pair from the drop-down list.
    • Enter the password of user root.
    • The default port is 22.
    • Select Disable the password login mode.
    • Select I have read and agree to the Key Pair Service Disclaimer.
  4. Click OK.

Step 3: Logging in to an ECS Using a Private Key

  1. Check whether the private key file has been converted to .ppk format.
    • If yes, log in to the ECS server.
    • If no, perform the following operations to convert the format of the private key file and then log in to ECS.

      Open the third-party PuTTY, import the .pem private key file, and export the converted .ppk private key file.

      Figure 2 Converting the format of the private key file
  2. Use PuTTY to log in to ECS.
    • Enter the IP address of the ECS. Port 22 is used by default.
      Figure 3 IP address of ECS
    • Enter the username of the ECS image.
      Figure 4 Username
    • Upload the private key file in .ppk format.
      Figure 5 Uploading the private key file
    • Click Open.