Introduction to Key Pairs
Key Pairs
Key pairs (SSH key pairs) are a set of security credentials for identity authentication when you remotely log in to FlexusX instances.
A key pair consists of a public key and a private key. Key Pair Service (KPS) stores the public key and you store the private key. If you have bound a public key to a Linux instance, you can use the corresponding private key, rather than a password, to log in to the instance. You do not need to worry about password interception, cracking, or leakage.
You can use Data Encryption Workshop (DEW) to manage key pairs, including creating, importing, binding, viewing, resetting, replacing, unbinding, and deleting key pairs.
This section describes how to create and bind a key pair. For details about other operations, see KPS.
Working Principles
- Encryption and decryption
- When you use a public key to encrypt data, only the corresponding private key can be used to decrypt the data. For example, if a user (user A) wants to send messages to another user (user B) securely, user A can use user B's public key to encrypt the messages, and user B uses its own private key to decrypt the messages.
- If you use a private key to encrypt data, the public key can be used to decrypt data. This method is mainly used for digital signature to verify the information source and integrity.
- Digital signature
- User A uses its private key to generate a signature for data, and then sends the data and signature to user B.
- User B uses user A's public key to verify the signature. If the verification is successful, the data was not tampered with and was sent from user A.
Scenarios
When purchasing a FlexusX instance, you can select a key pair for identity authentication. For Windows instances, you can use the key pair to obtain the login password.
- Logging in to a Linux FlexusX instance You can directly use a key pair to log in a Linux instance.
- When creating a FlexusX instance, select the key pair login mode. For details, see "Login Mode" in Purchasing a FlexusX Instance.
- After the FlexusX instance is created, you can bind a key pair to it. For details, see Binding a Key Pair on the FlexusX Instance Details Page or Binding a Key Pair on the DEW Console.
- Logging in to a Windows FlexusX instance
You can use the key pair to obtain a password for login. The password is randomly generated and is more secure. For details, see Obtaining the Password for Logging In to a Windows ECS. The ECS guide also applies to FlexusX instances.
Key Pair Operation Guide
| Scenario | Description |
|---|---|
| Creating a key pair | If no key pair is available, create one to generate a public key and a private key. Use the private key for login authentication. For details about how to create a key pair, see Creating a Key Pair. |
| Binding a key pair |
|
Constraints
- Key pairs can only be used for Linux instance remote login.
- The SSH key pairs created on the management console support the following cryptographic algorithms:
- SSH-ED25519
- ECDSA-SHA2-NISTP256
- ECDSA-SHA2-NISTP384
- ECDSA-SHA2-NISTP521
- SSH_RSA: The length can be 2,048, 3,072, or 4,096 bits.
- Key pairs can only be used for instances in the same region.
- Imported SSH key pairs support the following cryptographic algorithms:
- SSH-DSS
- SSH-ED25519
- ECDSA-SHA2-NISTP256
- ECDSA-SHA2-NISTP384
- ECDSA-SHA2-NISTP521
- SSH_RSA: The length can be 2,048, 3,072, or 4,096 bits.
- The private key is one of the most important methods to protect your FlexusX instances during the remote login. To ensure instance security, the private key can be downloaded only once. Therefore, keep it secure.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot