Creating a Key Pair
For system security purposes, it is recommended that you use the key pair authentication mode to authenticate the user who attempts to log in to an ECS.
You can create a key pair and use it for authentication when logging in to your ECS.
If you have already created a key pair, you do not need to create again.
You can create a key pair using either of the following methods:
- Creating a key pair on the management console
The public key is automatically saved in Huawei Cloud. The private key can be downloaded and saved on your local host. You can also save your private keys in Huawei Cloud and manage them with KPS based on your needs. Huawei Cloud uses encryption keys provided by KMS to encrypt your private keys to ensure secure storage and access. For details, see Creating a Key Pair Using the Management Console.
- The key pair created on the management console uses the SSH-2 (RSA, 2048) encryption and decryption algorithm.
- Key pairs created by an IAM user on the management console can be used only by the user. If multiple IAM users need to use the same key pair, you can create an account key pair.
- Creating a key pair using the PuTTYgen tool
Both the public key and private key can be stored on the local host. For details, see Creating a Key Pair Using PuTTYgen.
PuTTYgen is a tool for generating public and private keys. You can obtain the tool from https://www.putty.org/.
Prerequisites
When creating an account key pair for the first time, you need to obtain a user with the Tenant Administrator system role.
Creating a Key Pair Using the Management Console
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
. Choose . - In the navigation pane on the left, click Key Pair Service.
- Click Create Key Pair.
- In the Create Key Pair dialog box, enter a name for the key pair to be created.
Figure 1 Creating a key pair
- (Optional) Select a key pair type. If no key pair is enabled for your account, an SSH_RSA_2048 key pair will be created by default.
Currently, only the RSA algorithm can be used with Windows.
- If you want to have your private key managed, read and confirm I agree to have the private key managed by HUAWEI CLOUD. Select an encryption key from the KMS encryption drop-down list box. Skip this step if you do not need to have the private key managed.
- KPS uses the encryption key provided by KMS to encrypt private keys. When the user uses the KMS encryption function of the key pair, KMS automatically creates a default key kps/default for encryption of the key pair.
- When selecting an encryption key, you can select an existing encryption key or click View Key List to create an encryption key.
Figure 2 Managing private keys
- Read the Key Pair Service Disclaimer and select I have read and agree to the Key Pair Service Disclaimer.
- Click OK. The browser automatically downloads the private key. When the private key is downloaded, a dialog box is displayed.
- Save the private key as prompted by the dialog box.
- If the private key is not managed, it can be downloaded only once. Keep it properly. If the private key is lost, you can bind a key pair to the ECS again by resetting the password or key pair. For details, see How Do I Handle the Failure in Logging In to ECS After Unbinding the Key Pair?
- If you have authorized Huawei Cloud to manage the private key, you can export the private key anytime as required.
- After the private key is saved, click OK. The key pair is created successfully.
After the key pair is created, you can view it in the list of key pairs. The list displays information such as key pair name, fingerprint, private key, and quantity.
Creating a Key Pair Using PuTTYgen
- Generate the public and private keys. Double-click PuTTYgen.exe. The PuTTY Key Generator page is displayed, as shown in Figure 3.
- Configure the parameters as described in Table 1.
Table 1 Parameter description Parameter
Description
Type of key to generate
Encryption and decryption algorithm of key pairs to be imported to the management console. Currently, only SSH-2 RSA is supported.
Number of bits in a generated key
Length of a key pair to be imported to the management console. Currently, the following length values are supported: 1024, 2048, and 4096.
- Click Generate to generate a public key and a private key. See Figure 4.
- Copy the information in the blue square and save it in a local .txt file.
Do not save the public key by clicking Save public key. Saving a public key by clicking Save public key of PuTTYgen will change the format of the public key content. Such a key cannot be imported to the management console.
- Save the private key in PPK or PEM format.
For security purposes, the private key can only be downloaded once. Keep it secure.
Table 2 Format of a private key file Private Key File Format
Private Key Usage Scenario
Saving Method
PEM
- Use the Xshell tool to log in to the cloud server running the Linux operating system.
- Manage the private key on the management console.
- Choose Conversions > Export OpenSSH key.
- Save the private key, for example, kp-123.pem, to a local directory.
Obtain the password of a cloud server running the Windows operating system.
- Choose Conversions > Export OpenSSH key.
NOTE:
Do not enter the Key passphrase information. Otherwise, the password fails to be obtained.
- Save the private key, for example, kp-123.pem, to a local directory.
PPK
Use the PuTTY tool to log in to the cloud server running the Linux operating system.
- On the PuTTY Key Generator page, choose File > Save private key.
- Save the private key, for example, kp-123.ppk, to a local directory.
After the public key and private key are correctly saved, you can import the key pair to the management console.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
