Methods for connecting to an ECS instance

Updated at: 2025-02-21 11:36

Alibaba Cloud allows you to connect to an ECS instance by using various tools such as SSH clients, Remote Desktop Protocol (RDP) clients, Virtual Network Computing (VNC), and Session Manager. This topic walks you through choosing the right tool to connect to an ECS instance.

Connection tools

Connection tool

Instance operating system(s)

On-premises installation required1

Support for connection to a private IP address2

Support for connection to a public IP address3

Supported logon credential(s)

Connection tool

Instance operating system(s)

On-premises installation required1

Support for connection to a private IP address2

Support for connection to a public IP address3

Supported logon credential(s)

Workbench (used in a browser)

Windows, Linux

No

Yes

Yes

Passwords, key pairs

Session Manager (used in a browser)

Windows, Linux

No

Not required

Not required

Not required4

VNC (used in a browser)

Windows, Linux

No

Not required

Not required

Passwords

Alibaba Cloud Client

Windows, Linux

Yes

Yes

Yes

Passwords, key pairs

SSH client (third-party)

Linux

Yes

No

Yes

Passwords, key pairs

RDP client (third-party)

Windows

Yes

No

Yes

Passwords

1Workbench, Session Manager, and VNC are browser-based connection tools in the Alibaba Cloud Console. Other tools require installations on your on-premises device.

2When an ECS instance is created, a private IP address is automatically assigned to it. Most SSH or RDP clients like Xshell and PuTTY cannot connect to this private IP.

3If no public IP address is assigned during instance creation, you can check and enable public bandwidth to give it one.

4With Session Manager, you do not need the instance logon credentials. However, you must log on to the ECS console using an Alibaba Cloud account or as a Resource Access Management (RAM) user with Session Manager permissions.

Use connection tools

Workbench

A browser-based tool for connecting to ECS instances.

  • Features:

    • No installation required.

    • Supports file transfer, multi-terminal, and other functions.

    • Only connects to Alibaba Cloud instances.

  • Network: Users can establish connections using either public or private IP addresses of target instances.

  • Authentication methods: Password-based, key pair-based, temporary key pair-based.

References

Session Manager

This secure connection tool, provided by Cloud Assistant, requires Cloud Assistant Agent, which is automatically installed on ECS instances when you create them from Alibaba Cloud images.

  • Features:

    • Browser-based, no installation required.

    • Supports audit and post-incident troubleshooting.

    • Only connects to Alibaba Cloud instances.

    • Only supports command execution after instance connection establishments.

  • Network: No public IP address required, reducing security risks.

  • Authentication method: No password required.

References

VNC

Lets you connect to an ECS instance that is in the Running state, even when the instance operating system is starting, or the instance is in the Stopping state.

  • Features:

    • Browser-based, no installation required.

    • View the real-time interface of the operating system. By default, Linux may not include a GUI.

    • Bypasses security group restrictions and effective for troubleshooting connection issues.

    • Only connects to Alibaba Cloud instances.

  • Network: No public IP address required.

  • Authentication method: Password-based.

Reference

Connect to an instance by using VNC

Alibaba Cloud Client

Lets you manage Alibaba Cloud resources. You can use it to connect to ECS instances in the cloud.

  • Features:

    • Requires installation before use.

    • Only connects to Alibaba Cloud instances.

    • Offers features beyond ECS instance connectivity, such as connect and view specific cloud services.

  • Network: Users can establish connections using either public or private IP addresses of target instances.

  • Authentication methods: Password-based, key pair-based, temporary key pair-based.

References

Third-party SSH client

Lets you connect to Linux ECS instances. Common SSH clients include OpenSSH, PuTTY, and Xshell.

  • Feature: Client installation may be needed.

  • Network: Requires either the assigned public IP address or the associated elastic IP address (EIP).

  • Authentication methods: Password-based, key pair-based.

References

Third-party RDP client

Lets you connect to Windows ECS instances. Common RDP clients include Microsoft Remote Desktop, Windows Remote Desktop, and Windows App.

  • Feature: Client installation may be needed.

  • Network: Requires the assigned public IP address or the associated EIP.

  • Authentication method: Password-based.

Reference

Connect to a Windows instance by using a username and password

FAQs

  • How do I check whether an ECS instance is assigned a public IP address?

    To check whether an ECS instance is assigned a public IP address, find it on the Instance page in the ECS console and check the IP Address column. If the instance is assigned a public IP address, it will be followed by (Public) in the IP Address column, as shown below. For details on how to check the information of an ECS instance, see View instance information.

    image

  • Why doesn't my ECS instance have a public IP address? How do I assign it one?

    You may not have selected Assign Public IPv4 Address when creating the instance, as shown in the following figure. Enable public bandwidth to assign a public IP address to the instance.

    image

  • How do I view the operating system of an ECS instance?

    You can do this through the Instance page. Most operating systems are either Windows or Linux. If the instance runs Windows, there will be a Windows icon under Operating System, as shown below.

    If the operating system of an ECS instance does not meet your business requirements, you can change it.

    image

  • What is the default logon username of ECS instances?

    The default logon username of an ECS instance is the one you set when you created the instance. For Linux ECS instances, the default logon username is root or ecs-user. For Windows, it's administrator. For information about the differences between the two, see Manage logon users for instances.

    image

  • What is the default logon password of ECS instances?

    ECS instances do not have a default logon password. You can configure a logon password or key pair when you create the instance. If you forget the password, you can reset it.

    Note

    If you set the Logon Credential parameter to Key Pair or Set Later when you create an ECS instance, the instance does not have a logon password, and password-based authentication is disabled. You can use the password reset feature to configure a logon password.

    image

  • On this page (1)
  • Connection tools
  • Use connection tools
  • Workbench
  • Session Manager
  • VNC
  • Alibaba Cloud Client
  • Third-party SSH client
  • Third-party RDP client
  • FAQs
Feedback
phone Contact Us