(Recommended) Creating a Key Pair on the Management Console

Scenarios

You can create a key pair on the management console. After the key pair is created, the public key is automatically stored in the system, and the private key is stored in your local computer. After a key pair is created for an ECS on the management console, ensure that you store your private key in a secure place. Without a private key, you will not be able to log in to the ECS.

Procedure

1. Log in to the management console.
2. Click in the upper left corner and select a region and project.
3. Click . Under Compute, click Elastic Cloud Server.
4. In the navigation pane on the left, choose Key Pair. The Key Pair Service page is displayed.

   Key pairs include account key pairs and private key pairs. By default, the Account Key Pairs tab is displayed. You can create key pairs based on your needs.

   Table 1 Key pair category

   Key Pair Category	Description
   Account key pair	An account key pair can be used by multiple IAM users in the account. Only users with the Tenant Administrator system role can create an account key pair upon first creation.
   Private key pair	A private key pair created by an IAM user on the management console can be used only by the user. If multiple IAM users need to use the same key pair, upgrade it to an account key pair. For details, see Upgrading a Private Key Pair to an Account Key Pair.

5. Click Create Key Pair.
6. Configure required parameters.

   Table 2 Parameters for creating a key pair

   Parameter	Description
   Key Pair Name	The name of the key pair. Only letters, digits, underscores (_), and hyphens (-) are allowed.
   Type	Signature algorithm of the SSH key pair. RSA, ECDSA, and EdDSA are supported. Key pair types include SSH_RSA_2048, SSH_RSA_3072, SSH_RSA_4096, SSH_ED25519_256, SSH_ECDSA_256, SSH_ECDSA_384, and SSH_ECDSA_521. NOTE: If you have not enabled your account key pair, this parameter is invalid. An SSH_RSA_2048 key pair will be created by default. Currently, only the RSA algorithm can be used with Windows.

7. (Optional) Configure private key hosting for the key pair. Skip this step if not needed.
   1. Select I agree to host the private key of the key pair.
   2. Set KMS Encryption Key and specify an encryption key.
      • Select from List: The current account's key or a shared key will be used.
        • Default Keys: The default encryption key kps/default provided by KMS is used to encrypt private keys.
        • Custom Keys: Select a custom key created on KMS to encrypt the private key. For details, see Creating a Custom Key. To use a shared key created using RAM, accept the shared key, and select it from the bottom of the drop-down list, Shared is displayed next to the key name.
      • Enter: An authorized key will be used. Only the ID of a symmetric key is supported.

        After permissions are granted, you can enter the ID of the authorized key and use it for encryption. For details, see Creating a Grant for a Custom Key.

   

   • Key Management Service (KMS) is a secure, reliable, and easy-to-use cloud service that helps you create, manage, and protect keys easily. For details, see Key Management Service.
   • If KMS encryption is used, what you use beyond the free quota given by KMS will be billed. For details, see How Is DEW Charged?
8. Read and select I have read and agree to Key Pair Service Disclaimer.
9. Click OK. The browser prompts you to download the private key file or automatically downloads the private key file.
   The file name is the specified key pair name with a suffix of .pem. Ensure that the private key is successfully downloaded locally and keep the private key secure.

   

   • If the private key is not hosted, it can be downloaded only once. Keep it properly.

     If the private key is lost, you can reset the key pair to bind a new key pair to the ECS. For details, see Resetting a Key Pair.

   • If you have authorized Huawei Cloud to host the private key, you can export the hosted private key as required. For details, see Exporting a Private Key.
10. After the key pair is created, you can view it in the key pair list, including the name, fingerprint, and status.

Related Operations

• If your private key file is lost, you can reset the key pair.
• If your private key file is disclosed, you can use a new key pair to replace the public key of the ECS.
• If the created or imported key pair is no longer used, you can delete the key pair.