Updated on 2024-05-15 GMT+08:00

Replacing a Key Pair

If your private key is leaked, you can use a new key pair to replace the public key of the ECS through the management console. After replacing the key pair, you need to use the private key of the new key pair to log in to the ECS, and the original private key cannot be used to log in to the ECS.

This section describes how to replace a key pair on the KPS console.


  • The ECS whose key pair is to be replaced uses the public image provided by Huawei Cloud.
  • To replace the key pair, you can replace the public key of the user by modifying the /root/.ssh/authorized_keys file on the server. Ensure that the file is not modified before replacing the key pair. Otherwise, replacing the public key will fail.
  • The ECS must be in the Running state.


  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click . Choose Security & Compliance > Data Encryption Workshop.
  4. In the navigation pane on the left, click Key Pair Service.
  5. Click the ECS List tab.
  6. Locate the target ECS and click Replace, the key pair replacement dialog box is displayed, as shown in Figure 1.

    Figure 1 Replacing a key pair

  7. Select a new key pair from the drop-down list box of New Key Pair.
  8. Click Select File to upload the private key (in .pem format) of the original key pair or copy the private key content to the text box.

  9. The default port number is 22 and can be modified.

    Before using user-defined port, ensure that:

  10. Read and select I have read and agree to the Key Pair Service Disclaimer.
  11. Click OK. The key pair will be replaced in about one minute.