Updated on 2025-08-25 GMT+08:00

ECSs Have Key Pairs Attached

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

ecs-instance-key-pair-login

Identifier

ECSs Have Key Pairs Attached

Description

If an ECS does not have a key pair configured, this ECS is non-compliant.

Tag

ecs

Trigger Type

Configuration change

Filter Type

ecs.cloudservers

Rule Parameters

None

Application Scenarios

A key pair consists of a public key and a private key. Key Pair Service (KPS) stores the public key and you store the private key. If you have imported a public key into a Linux ECS, you can use the corresponding private key to log in to the ECS without a password. Key pairs provide the following benefits:

  • Preventing credential leakage: You can configure key pairs and disable password login to prevent brute force attacks. Private keys are usually more difficult to guess or crack than passwords.
  • Encrypted communication: Key pairs use asymmetric encryption technology to ensure SSH communication security and prevent man-in-the-middle (MITM) attacks.

Solution

On the management console, create a key pair and clear the password for an ECS. For details, see Key Pairs.

Rule Logic

  • If an ECS does not have a key pair configured, this ECS is non-compliant.
  • If an ECS has a key pair configured, this ECS is compliant.