Importing a Key Pair

Scenarios

You can import the public key of a key pair to the management console and use the corresponding private key to remotely log in to the ECS. You can also save your private keys in KPS for unified management.

You need to import a key pair to the ECS when you:

• Create a key pair using puttygen.exe.

• Import the public key of an existing local key pair (for example, generated using PuTTYgen) to let the system maintain your public key.
  

  If the public key of the existing key pair is stored by clicking Save public key on PuTTY Key Generator, the public key cannot be imported to the management console.

  If you want to use this existing key pair for remote login, see Why Does a Key Pair Created Using puttygen.exe Fail to Be Imported on the Management Console?

Constraints

• The key pair name must be unique.
• Imported key pairs support the following cryptographic algorithms:
  • SSH-DSS
  • SSH-ED25519
  • ECDSA-SHA2-NISTP256
  • ECDSA-SHA2-NISTP384
  • ECDSA-SHA2-NISTP521
  • SSH_RSA: The length can be 2,048, 3,072, or 4,096 bits.

Procedure

1. Log in to the management console.
2. Click . Under Compute, click Elastic Cloud Server.
3. In the navigation pane on the left, choose Key Pair. The Key Pair Service page is displayed.

   Key pairs include account key pairs and private key pairs. By default, the Account Key Pairs tab is displayed.

   An account key pair can be used by multiple IAM users in the account. A private key pair can only be used by the IAM user. You can create key pairs as needed.

4. On the Key Pair Service page, click Import Key Pair.
   Figure 1 Importing a key pair
   
5. In the slide-out Import Key Pair panel, click Import Public Key and select the public key file of the key pair.

   Batch import is supported. A maximum of 10 public keys can be imported all at one time. If the system displays a message indicating that the name already exists, it means the private key pair with the same name already exists in the account key pair or private key pair. In this case, you need to change the key pair name.

6. Set the key pair name.

   After the public key is imported, the key pair name is automatically updated to the public key name. You can change the key pair name as needed. The key pair name can contain only letters, digits, underscores (_), and hyphens (-).

7. (Optional) Configure private key hosting for the key pair. Skip this step if not needed.
   1. Select I agree to host the private key of the key pair.
   2. Copy the private key content of the key pair and paste it to the Private Key Content text box.
   3. Set KMS Encryption Key and specify an encryption key.
      • Select from List: The current account's key or a shared key will be used.
        • Default Keys: The default encryption key kps/default provided by KMS is used to encrypt private keys.
        • Custom Keys: Select a custom key created on KMS to encrypt the private key. For details, see Creating a Custom Key. To use a shared key created using RAM, accept the shared key, and select it from the bottom of the drop-down list, Shared is displayed next to the key name.
      • Enter: An authorized key will be used. Only the ID of a symmetric key is supported.

        After permissions are granted, you can enter the ID of the authorized key and use it for encryption. For details, see Creating a Grant for a Custom Key.

   

   • Key Management Service (KMS) is a secure, reliable, and easy-to-use cloud service that helps you create, manage, and protect keys easily. For details, see Key Management Service.
   • If KMS encryption is used, what you use beyond the free quota given by KMS will be billed. For details, see How Is DEW Charged?
8. Read and select I have read and agree to Key Pair Service Disclaimer.
9. Click OK.

Helpful Links

• What Should I Do If a Key Pair Cannot Be Imported?
• Creating a Key Pair Using PuTTY Key Generator
• Why Does a Key Pair Created Using puttygen.exe Fail to Be Imported on the Management Console?
• Can DEW Be Shared Across Accounts?
• Deleting a Key Pair