Application Scenarios for Using Key Pairs
Key Pairs
Key pairs are a set of security credentials for identity authentication when you remotely log in to ECSs.
A key pair consists of a public key and a private key. Key Pair Service (KPS) stores the public key and you store the private key. If you have imported a public key into a Linux ECS, you can use the corresponding private key to log in to the ECS without a password. Therefore, you do not need to worry about password interception, cracking, or leakage.
You can use Data Encryption Workshop (DEW) to manage key pairs, including creating, importing, binding, viewing, resetting, replacing, unbinding, and deleting key pairs.
This section describes how to create and import a key pair. For details about other operations, see Managing Key Pairs.
Scenarios
When purchasing an ECS, you are advised to select the key pair login mode. For Windows ECSs, key pairs are required to decrypt the passwords so that you can use the decrypted password to log in.
- Logging in to a Linux ECS
You can directly use a key pair to log in.
- When you are creating the ECS, select the key pair login mode. For details, see "Set Login Mode" in Step 3: Configure Advanced Settings.
- After the ECS is created, bind a key pair.
- Logging in to a Windows ECS
You can use the key pair to obtain a password for login. The password is randomly generated and therefore is more secure.
For details, see Obtaining the Password for Logging In to a Windows ECS.
Creating a Key Pair
You can create a key pair or use an existing one for remote login authentication.
- Creating a key pair
You can create a key pair using either of the following method:
- Follow the instructions in (Recommended) Creating a Key Pair on the Management Console. The public key is automatically stored in the system, and the private key is stored locally.
- Follow the instructions in Creating a Key Pair Using PuTTYgen. Both the public and private keys are stored locally.
After the key pair is created, import the key pair following the instructions provided in Importing a Key Pair so that you can use it.
- Using an existing key pair
If an existing key pair (created using PuTTYgen, for example) is available, you can import the public key by referring to Importing a Key Pair on the management console to let the system maintain the public key for you.
If the public key of the existing key pair is stored by clicking Save public key on PuTTY Key Generator, the public key cannot be imported to the management console.
If you want to use this existing key pair for remote login, see Why Does a Key Pair Created Using puttygen.exe Fail to Be Imported on the Management Console?
Constraints
- Key pairs can be used to remotely log in to Linux ECSs only.
- SSH-2 key pairs created on the console support only the RSA-2048 cryptographic algorithms.
- Key pairs can be used only for ECSs in the same region.
- Imported key pairs support the following cryptographic algorithms:
- RSA-1024
- RSA-2048
- RSA-4096
- Store your private key in a secure place because you need to use it to prove your identity when logging in to your ECS. The private key can be downloaded once only.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
