Methods for connecting to an ECS instance

Updated at: 2025-01-24 08:21

Before you can perform operations, such as deploying websites, on an Elastic Compute Service (ECS) instance that you created, you must connect to the instance from an on-premises device. You can use different tools to connect to an ECS instance. This topic describes how to select an appropriate tool to connect to an ECS instance.

Connection tools

Connection tool

Instance operating system

On-premises installation required

Support for connection to a private IP address

Support for connection to a public IP address

Supported logon credential

Connection tool

Instance operating system

On-premises installation required

Support for connection to a private IP address

Support for connection to a public IP address

Supported logon credential

Workbench (used in a browser)

Windows and Linux

No

Yes

Yes

Passwords and key pairs

Session Manager (used in a browser)

Windows and Linux

No

Yes

Yes

None

Virtual Network Computing (VNC) (used in a browser)

Windows and Linux

No

Yes

Yes

Passwords

Alibaba Cloud Client

Windows and Linux

Yes

Yes

Yes

Passwords and key pairs

SSH client (third-party)

Linux

Yes

No

Yes

Passwords and key pairs

Remote Desktop Protocol (RDP) client (third-party)

Windows

Yes

No

Yes

Passwords

Workbench, Session Manager, and VNC are installation-free connection tools that you can directly use in the Alibaba Cloud Management Console in a browser. To use other connection tools, you must install the tools on your on-premises device.

After an ECS instance is created, a private IP address is automatically assigned to the instance. Most third-party SSH or RDP clients, such as Xshell, PuTTY, and Windows Remote Desktop, cannot establish connections to the private IP addresses of ECS instances.

If you do not assign a public IP address to an ECS instance when you create the instance, the instance does not have a public IP address. You can check whether an ECS instance is assigned a public IP address. For more information, see How do I check whether an ECS instance is assigned a public IP address? If no public IP address is assigned to an ECS instance, you can enable public bandwidth to assign a public IP address to the instance. For more information, see Enable public bandwidth.

When you use Session Manager to connect to an ECS instance, you do not need to provide the logon credential of the instance. However, you must log on to the Alibaba Cloud Management Console by using an Alibaba Cloud account or a Resource Access Management (RAM) user that has the permissions to use Session Manager to connect to the instance.

Use connection tools

Workbench

Workbench is a connection tool provided by Alibaba Cloud that you can use in a browser to connect to Linux and Windows ECS instances by using different methods.

In addition to connecting to ECS instances, Workbench provides other features, such as file transfer and multi-terminal. For more information about Workbench, see Connect to an instance through Workbench.
  • Characteristics: Workbench is an installation-free tool that you can directly use in a browser. You can use Workbench to connect to only ECS instances in Alibaba Cloud.

  • Network: Workbench allows you to connect to an ECS instance by using the public or private IP address of the instance.

  • Authentication method: Workbench supports password-based authentication and key pair-based authentication.

References

Session Manager

Session Manager is a tool provided by Cloud Assistant that allows you to connect to ECS instances without the need to log on to the instance or use passwords or jump servers. Compared with other connection tools, Session Manager establishes more secure connections to ECS instances. For more information about Session Manager, see Session Manager.

Session Manager allows you to connect to ECS instances by using Cloud Assistant without the need to use public IP addresses, which reduces intrusion risks. Session Manager supports features, such as audit, to improve post-incident troubleshooting.
  • Characteristics: Session Manager is an installation-free tool that you can directly use in a browser. When you use Session Manager to connect to an ECS instance, you do not need to provide the password or key pair of the instance. However, you must log on to the Alibaba Cloud Management Console by using an Alibaba Cloud account or a RAM user. You can use Session Manager to connect to only ECS instances in Alibaba Cloud.

  • Network: Internet connectivity is not required when you use Session Manager to connect to ECS instances.

  • Authentication method: You can use Session Manager to connect to ECS instances without passwords.

  • Limits

    • You can only run commands to connect to Windows or Linux ECS instances by using Session Manager.

    • You must install Cloud Assistant Agent on an ECS instance before you can connect to the instance by using Session Manager. Cloud Assistant Agent is automatically installed on ECS instances when the instances are created from images provided by Alibaba Cloud.

References

VNC

You can use VNC to connect to an ECS instance that is in the Running state, even when the instance operating system is starting, or to an ECS instance that is in the Stopping state.

After you use VNC to connect to an ECS instance, you can directly view the real-time interface of the operating system in the instance. By default, Linux may not include a GUI. VNC is not restricted by security group settings or the software that runs on the instance. You can use VNC to troubleshoot the issues that occur when other connection tools are used.
  • Characteristics: Before you can use VNC to connect to ECS instances, you must log on to the Alibaba Cloud Management Console by using an Alibaba Cloud account or a RAM user. You cannot use VNC to connect to ECS instances that are in the Stopped state. You can use VNC to connect only to ECS instances in Alibaba Cloud.

  • Network: Internet connectivity is not required when you use VNC to connect to ECS instances.

  • Authentication method: VNC supports password-based authentication.

References

Connect to an instance by using VNC

Alibaba Cloud Client

Alibaba Cloud Client is a software application provided by Alibaba Cloud that allows you to manage Alibaba Cloud resources. You can use Alibaba Cloud Client to connect to ECS instances in Alibaba Cloud.

  • Characteristics: You must install Alibaba Cloud Client before you can use Alibaba Cloud Client. You can use Alibaba Cloud Client to connect to only instances in Alibaba Cloud. In addition to connecting to instances, Alibaba Cloud Client provides other features. For more information about Alibaba Cloud Client, see Overview of Alibaba Cloud Client.

  • Network: Alibaba Cloud Client allows you to connect to ECS instances by using the public or private IP addresses of the instances.

  • Authentication method: Alibaba Cloud Client supports key pair-based authentication, password-based authentication, and temporary key pair-based authentication for logon to ECS instances. You can use key pairs or temporary key pairs for authentication, instead of passwords, when you connect to ECS instances by using Alibaba Cloud Client.

References

Third-party SSH client

You can use a third-party SSH client to connect to Linux ECS instances based on your business requirements. Common SSH clients include OpenSSH, PuTTY, and Xshell.

  • Characteristics: You may need to install a third-party SSH client before you can use the client.

  • Network: When you use a third-party SSH client to connect to a Linux ECS instance, you must provide the public IP address that is assigned to the instance or the elastic IP address (EIP) that is associated with the instance.

  • Authentication method: Third-party SSH clients support key pair-based authentication and password-based authentication.

References

Third-party RDP client

You can use a third-party RDP client to connect to Windows ECS instances based on your business requirements. Common RDP clients include Microsoft Remote Desktop, Windows Remote Desktop, and Windows App.

  • Characteristics: You may need to install a third-party RDP client before you can use the client.

  • Network: When you use a third-party RDP client to connect to a Windows ECS instance, you must provide the public IP address that is assigned to the instance or the EIP that is associated with the instance.

  • Authentication method: Third-party RDP clients support password-based authentication.

References

Connect to a Windows instance by using a username and password

FAQ

  • How do I check whether an ECS instance is assigned a public IP address?

    To check whether an ECS instance is assigned a public IP address, find the instance on the Instance page in the ECS console and check the IP addresses in the IP Address column. If the instance is assigned a public IP address, the public IP address is displayed followed by (Public) in the IP Address column, as shown in the following figure. For information about how to check the information about an ECS instance, see View instance information.

    image

  • Why does an ECS instance have no public IP address? What do I do?

    The ECS instance may not have a public IP address because you did not select Assign Public IPv4 Address when you created the instance, as shown in the following figure. You can enable public bandwidth to assign a public IP address to the instance. For more information, see Enable public bandwidth.

    image

  • How do I view the operating system of an ECS instance?

    You can log on to the ECS console and view the operating system information of ECS instances on the Instance page. Most non-Windows operating systems are Linux operating systems. If an ECS instance runs a Windows operating system, the Windows icon is displayed in the Operating System column corresponding to the instance, as shown in the following figure.

    If the operating system of an ECS instance does not meet your business requirements, you can replace the operating system of the instance. For more information, see Replace the operating system (system disk) of an instance.

    image

  • What is the default logon username of ECS instances?

    The default logon username of an ECS instance is the username that you configure when you create the instance. For Linux ECS instances, the default logon username is root or ecs-user. For Windows ECS instances, the default logon username is administrator. For information about the differences between the preceding usernames, see Manage logon users for instances.

    image

  • What is the default logon password of ECS instances?

    ECS instances do not have a default logon password. You can configure a logon password or key pair for an ECS instance when you create the instance. If you forget the logon password of an ECS instance, you can reset the logon password of the instance. For more information, see Reset the logon password of an instance.

    Note

    If you set the Logon Credential parameter to Key Pair or Set Later when you create an ECS instance, the created instance does not have a logon password and password-based authentication is disabled for the instance. You can use the password reset feature to configure a logon password for the instance. For more information, see Reset the logon password of an instance.

    image

  • On this page (1, M)
  • Connection tools
  • Use connection tools
  • Workbench
  • Session Manager
  • VNC
  • Alibaba Cloud Client
  • Third-party SSH client
  • Third-party RDP client
  • FAQ
Feedback
phone Contact Us