You can specify an SSH key pair when you create an Elastic Compute Service (ECS) instance, or bind an SSH key pair to the instance after the instance is created. You can use SSH key pairs to establish secure connections to ECS instances and facilitate multi-user access management. You can also batch bind SSH key pairs or configure SSH key pairs to be automatically bound. This topic describes how to bind an SSH key pair to one or more ECS instances after the ECS instances are created.
Limits
In the ECS console, you can bind only one SSH key pair to an instance but can bind an SSH key pair to multiple instances.
If you bind an SSH key pair to an instance to which another SSH key pair is already bound, the new key pair replaces the original key pair.
If you bind an SSH key pair to an instance that uses password-based authentication, password-based authentication is automatically disabled for the instance after the key pair is bound.
For Linux instances, the public key information of key pairs is stored in the ~/.ssh/authorized_keys file. You can modify the file to add or replace multiple SSH key pairs for an instance. For more information, see Add or replace an SSH key pair.
Prerequisites
You have created and imported SSH key pairs. For more information, see Create an SSH key pair and Import an SSH key pair.
Bind an SSH key pair to an instance
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
Find the instance to which you want to bind an SSH key pair. In the Actions column, choose
> Instance Attributes > Bind Key Pair. Select a key pair from the Select Key Pair drop-down list and click OK.
Start or restart the instance for the SSH key pair to take effect.
If the instance is in the Stopped state, start the instance for the SSH key pair to take effect. For more information, see Start an instance.
If the instance is in the Running state, click Restart Now to restart the instance. After the instance is restarted, the SSH key pair takes effect.
Bind an SSH key pair to multiple instances at a time
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
Find the SSH key pair that you want bind and click Bind in the Actions column.
In the Selected ECS Instance column, select the instances to which you want to bind the SSH key pair and click the > icon to move the instances to the Selected column.
NoteOnly Linux instances support SSH key pairs. If the instance is a Windows instance, you cannot select it.
Click OK.
Start or restart the instances for the SSH key pair to take effect.
If an instance is in the Running state, restart the instance for the key pair to take effect. For more information, see Restart an instance.
If an instance is in the Stopped state, start the instance for the key pair to take effect. For more information, see Start an instance.
References
After you bind an SSH key pair to an instance, use one of the following methods to log on to the instance by using the SSH key pair:
Workbench: Connect to a Linux instance by using a password or key
Third-party client: Connect to a Linux instance by using an SSH key pair
If you want to log on to an instance by using the password-based authentication method after you bind a key pair to the instance, reset the password for the instance. After you reset the password for the instance, use the key pair or the new password to log on to the instance. For more information, see Reset the logon password of an instance.
You can call an API operation to bind an SSH key pair to one or more Linux instances. For more information, see AttachKeyPair.
If multiple users or administrators want to access a Linux instance, you may need to add or manage other SSH key pairs for the instance. For information about how to manage SSH key pairs, see the following topics: