Help Center/ Data Encryption Workshop/ FAQs/ KPS Related/ How Do I Handle the Failure in Unbinding a Key Pair?
Updated on 2025-05-26 GMT+08:00

How Do I Handle the Failure in Unbinding a Key Pair?

Symptom

Failed to unbind the key pair from the ECS.

The Failed Key Pair Task dialog box only records and displays failed key pair operations on ECSs, which do not affect the ECS status and subsequent operations. You can locate the target failure record and click Delete in the Operation column, or can click Delete All to delete all failure records.

Possible Causes

  • An incorrect or invalid private key has been provided.
  • The inbound direction of port 22 of the ECS security group is not open to 100.125.0.0/16.
  • SSH configuration of the ECS has been modified.
  • The ECS has been shut down, started, or a disk has been detached during the process of unbinding the key pair from the ECS.
  • The network connection is faulty.
  • A firewall rule is configured when an ECS is started and unbound.
  • Unbinding a key pair on KPS is not supported by the current OS.

    You can unbind an ECS on the KPS console for the following OSs: EulerOS, CentOS, RedHat, SUSE, Debian, OpenSUSE, Oracle Linux, Fedora, Ubuntu, Huawei Cloud EulerOS, AlmaLinux, Rocky Linux, CentOS Stream, and OpenEuler.

Handling Procedure

  1. Check the ECS status.

    • If it is running, go to Step 2.
    • If it is shut down, go to Step 4.

  2. Use the SSH key pair to log in to the ECS and check whether the private key is correct.

    • If it is correct, go to Step 4.
    • If it is incorrect, use the correct private key to unbind the key pair again.

  3. Check whether the /root/.ssh/authorized_keys file of the ECS has been modified.

    • If yes, restore the original content of the /root/.ssh/authorized_keys file.
    • If no, go to Step 4.

  4. Check whether the inbound direction of port 22 of the ECS security group is open to 100.125.0.0/16. That is, 100.125.0.0/16 can remotely connect to Linux ECSs through SSH.

    • If yes, go to Step 5.
    • If no, add the following security group rule and unbind the key pair again.

      Direction

      Protocol/Application

      Port

      Source

      Inbound

      SSH (22)

      22

      100.125.0.0/16

  5. Check whether the ECS can be powered on, shut down, and logged in to.

    • If yes, unbind the key pair again.
    • If no, go to Step 6.

  6. Check whether the network is faulty.

    • If yes, contact technical support to check and locate the fault.
    • If no, unbind the key pair again.