Import an SSH key pair that is generated by a third-party tool to an ECS instance - Elastic Compute Service

If you have an SSH key pair that is generated by a third-party tool or you want to use an SSH key pair to log on to multiple Elastic Compute Service (ECS) instances, you can import the public key of the SSH key pair to the ECS console. After you bind the SSH key pair to ECS instances, you can use the private key of the SSH key pair to log on to the instances. You do not need to create an SSH key pair for each instance. This topic describes how to import an SSH key pair.

Prerequisites

The public key information of the SSH key pair that you want to import is obtained. For information about how to obtain the public key information of SSH key pairs, see View public key information.
Imported public keys must be encoded in Base64 and support one of the following encryption methods:
- rsa
- dsa
- ssh-rsa
- ssh-dss
- ecdsa
- ssh-rsa-cert-v00@openssh.com
- ssh-dss-cert-v00@openssh.com
- ssh-rsa-cert-v01@openssh.com
- ssh-dss-cert-v01@openssh.com
- ecdsa-sha2-nistp256-cert-v01@openssh.com
- ecdsa-sha2-nistp384-cert-v01@openssh.com
- ecdsa-sha2-nistp521-cert-v01@openssh.com

Usage notes

An SSH key pair consists of a public key and a private key. You cannot import a private key. You must store the private key in a secure location. To log on to an ECS instance to which an SSH key pair is bound, you must provide the private key.
Each Alibaba Cloud account can have up to 500 SSH key pairs in a region. For more information, see Limits.
If you use the ECS console to perform operations, you can import only one public key to an ECS instance.

Procedure

Log on to the ECS console.
In the left-side navigation pane, choose Network & Security > Key Pairs.
In the top navigation bar, select the region and resource group to which the resource belongs.
Click Create Key Pair.

In the Create SSH Key Pair dialog box, configure the parameters that are described in the following table.

Parameter	Description
SSH Key Pair Name	Enter a name for the key pair. The name must be unique. The name must be 2 to 128 characters in length and can contain letters, digits, periods (.), underscores (_), hyphens (-), and colons (:). The name cannot start with a digit or a special character.
Creation Type	Select Import.
Public Key	Enter a public key.
Resource Group	You can assign the key pair to a resource group for easy management. For more information, see Resource groups.
Tag	Select one or more tags to add to the key pair. This facilitates resource search and aggregation. For more information, see Overview of tags.

Click OK.

What to do next

Before you can use the imported SSH key pair to log on to a Linux instance, you must bind the SSH key pair to the Linux instance. For information about how to bind an SSH key pair to a Linux instance, see Bind an SSH key pair.