Binding a Key Pair

If you set the login mode to Password when purchasing an ECS that runs Linux, you can bind a key pair to the ECS on the KPS console. KPS will configure the key pair, and then the ECS login mode will be changed to Key Pair. After the key pair is bound, you can use the private key to log in to the ECS.

This section describes how to bind a key pair to an ECS on the KPS console.

Prerequisites

The ECS must be in the Running or Shut down state.
The ECS has not been bound to a key pair.
The ECS whose key pair is to be reset uses the public image provided by Huawei Cloud.
To bind to a key pair, you can write the public key of the user to the /root/.ssh/authorized_keys file on the server. Ensure that the file is not modified before binding to the key pair. Otherwise, the binding will fail.

Constraints

On the management console, key pairs cannot be bound to ECSs that run Windows.
Key pairs cannot be bound to public images running CoreOS, OpenEuler, FreeBSD (Other), Kylin V10 64-bit, or UnionTech OS Server 20 Euler 64-bit.

Binding a Key Pair

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click . Choose Security & Compliance > Data Encryption Workshop.
In the navigation pane on the left, click Key Pair Service.
Click the ECS List tab.

Figure 1 Binding
Click Bind in the row of an ECS to open the Bind Key Pair dialog box.
- If the ECS is shut down, a dialog box will be displayed, as shown in Figure 2.
  Figure 2 Binding a key pair (1)
- If the ECS is running, you need to provide the root password. See Figure 3.
  Figure 3 Binding a key pair (2)
  - If you have the root password of the ECS, you can directly enter the password to bind the key pair to the ECS.
  - If you do not have the root password of the ECS, you can shut down the ECS and bind the key pair when the ECS is in the shut-down state.
Select a new key pair from the drop-down list box of New Key Pair.
The default port number is 22 and can be modified.
Before using user-defined port, ensure that:
- The key pair can be connected to the ECS using the port. For details about how to modify the security group configuration of an ECS, see Configuring Security Group Rules.
- Modify the default port of the ECS and ensure that the port is enabled. For details, see Enhancing Security for SSH Logins to Linux ECSs.
You can choose whether to disable the password login mode as necessary. By default, the password login mode is disabled.
- If you do not disable the password login mode, you can use the password or the key pair to log in to the ECS.
- If the password login mode is disabled, you can use only the key pair to log in to the ECS. If you need to use the password login mode later, you can enable the password login mode again. For details, see How Do I Enable the Password Login Mode for an ECS?
Select I have read and agree to the Key Pair Service Disclaimer.
Click OK to complete the operation.
- If the ECS is not shut down, use the root password to bind the key pair. It takes about 30 seconds to complete.
- If the ECS is shut down, the binding operation may take about five minutes.