Help Center/ Data Encryption Workshop/ FAQs/ KPS Related/ How Do I Handle the Failure in Binding a Key Pair?
Updated on 2025-05-26 GMT+08:00

How Do I Handle the Failure in Binding a Key Pair?

Symptom

Failed to bind the key pair to the ECS.

  • The Failed Key Pair Task dialog box only records and displays failed key pair operations on ECSs, which do not affect the ECS status and subsequent operations. You can locate the target failure record and click Delete in the Operation column, or can click Delete All to delete all failure records.
  • Click Learn more to view related documents.

Typical Errors in KPS Key Pair Tasks

Category

Error Information

Error Cause

Solution

SSH connection failure

Invalid server login credential. Message: ******

Failed to log in to the ECS in SSH mode using the authentication information provided by the user. Possible causes:

  1. The authentication information provided by the user is incorrect.
  2. SSH configuration of the ECS has been modified.
  3. The ECS is locked due to multiple authentication failures.

Use the password or private key to log in to the ECS. Check whether the password is correct.

SSH connection failure. Check your port.

Failed to log in to the ECS in SSH mode using the authentication information provided by the user. Possible causes:

  1. The SSH service is not bound to the specified port.
  2. The SSH service is abnormal.

Log in to the ECS using SSH. Check the listening status of the service port.

Timeout: socket is not established. Check your security group rules.

Failed to log in to the ECS in SSH mode using the authentication information provided by the user. Possible causes:

  1. The inbound direction of the specified port of the ECS security group is not open to 100.125.0.0/16.
  2. Firewall rules have been configured for the ECS.

Log in to the ECS using SSH. Check the security group and firewall rules.

ECS status check failure

ECS is being executed.

Failed to check the ECS status. Possible cause: The ECS is being created.

Wait until the ECS is created.

Image information of the server not found.

Failed to check the ECS status. Possible cause: An unregistered image is used.

Use a registered image.

ECS OS not supported.

Failed to check the ECS status. Possible cause: An unsupported OS is used.

Use an OS supported by KPS.

Server status error.

Failed to check the ECS status. Possible causes:

  • The ECS is not in the ACTIVE state.
  • The ECS is not in the SHUTOFF state.

Go to the ECS console and change the ECS status.

System volume not found.

Failed to check the ECS status. Possible cause: Failed to query the disks mounted to the ECS.

Go to the ECS console and mount a disk to the ECS.

Key pair binding failure

Too many key pairs to be bound in batches.

Failed to bind key pairs in batches. Possible cause: The number of key pairs to be bound exceeds the upper limit.

Delete some key pair to be bound.

Key pairs to be bound in batches are inconsistent.

Failed to bind key pairs in batches. Possible cause: Different key pairs are used.

Use only the same key pairs for batch binding.

Unavailable ECS flavor.

Failed to bind the key pair. Possible cause: Failed to obtain the flavor information.

Check the ECS flavor.

Key pair API parameter check

The imported private key does not match the public key.

Failed to check the key pairs. Possible causes:

  • The format of the current public and private keys is incorrect.
  • The public and private keys are not a pair.

Check the format of the public and private keys and check whether they are a pair.

Invalid parameter.

Failed to check the key pair API parameter. Possible causes:

  1. Mandatory parameters are left blank.
  2. The key pair name is invalid.
  3. Other parameters are incorrectly configured.

Check the invoking parameters.

Invalid key pair type.

Failed to check the key pair API parameter. Possible cause: The key pair type is not ssh or x509 as required.

Check the invoking parameters.

Handling Procedure

You can troubleshoot the fault by performing the following steps:

  1. Check the ECS status.

    • If it is running, go to Step 2.
    • If it is shut down, go to Step 5.

  2. Use the password to log in to the ECS to check whether the password is correct.

    • If it is correct, go to Step 4.
    • If it is incorrect, use the correct password to bind the key pair again.

  3. Check whether the permission path and owner group of the /root/.ssh/authorized_keys file on the ECS have been modified.

    • If yes, restore the permission to the following:
      • The owner group of each level has the root:root permission.
      • The permission for the .ssh file is 700.
      • The permission for authorized_keys is 600.
    • If no, go to Step 4.

  4. Check whether the /root/.ssh/authorized_keys file of the ECS has been modified.

    • If yes, restore the original content of the /root/.ssh/authorized_keys file based on the site requirements.
    • If no, go to Step 5.

  5. Check whether the inbound direction of port 22 of the ECS security group is open to 100.125.0.0/16. That is, 100.125.0.0/16 can remotely connect to Linux ECSs through SSH.

    • If yes, go to Step 6.
    • If no, add the following security group rule and bind the key pair again. For details about how to add a security group, see Adding a Security Group Rule.

      Direction

      Protocol/Application

      Port

      Source

      Inbound

      SSH (22)

      22

      100.125.0.0/16

  6. Check whether the ECS can be powered on, shut down, and logged in to.

    • If yes, bind the key pair again.
    • If no, go to Step 7.

  7. Check whether the network is faulty.

    • If yes, contact technical support to check and locate the fault.
    • If no, bind the key pair again.