Alibaba Cloud allows you to connect to an ECS instance by using various tools such as SSH clients, Remote Desktop Protocol (RDP) clients, Virtual Network Computing (VNC), and Session Manager. This topic walks you through choosing the right tool to connect to an ECS instance.
Connection tools
Connection tool | Instance operating system(s) | On-premises installation required1 | Support for connection to a private IP address2 | Support for connection to a public IP address3 | Supported logon credential(s) |
Connection tool | Instance operating system(s) | On-premises installation required1 | Support for connection to a private IP address2 | Support for connection to a public IP address3 | Supported logon credential(s) |
Workbench (used in a browser) | Windows, Linux | No | Yes | Yes | Passwords, key pairs |
Session Manager (used in a browser) | Windows, Linux | No | Not required | Not required | Not required4 |
VNC (used in a browser) | Windows, Linux | No | Not required | Not required | Passwords |
Windows, Linux | Yes | Yes | Yes | Passwords, key pairs | |
SSH client (third-party) | Linux | Yes | No | Yes | Passwords, key pairs |
RDP client (third-party) | Windows | Yes | No | Yes | Passwords |
1Workbench, Session Manager, and VNC are browser-based connection tools in the Alibaba Cloud Console. Other tools require installations on your on-premises device.
2When an ECS instance is created, a private IP address is automatically assigned to it. Most SSH or RDP clients like Xshell and PuTTY cannot connect to this private IP.
3If no public IP address is assigned during instance creation, you can check and enable public bandwidth to give it one.
4With Session Manager, you do not need the instance logon credentials. However, you must log on to the ECS console using an Alibaba Cloud account or as a Resource Access Management (RAM) user with Session Manager permissions.
Use connection tools
Workbench
A browser-based tool for connecting to ECS instances.
Features:
No installation required.
Supports file transfer, multi-terminal, and other functions.
Only connects to Alibaba Cloud instances.
Network: Users can establish connections using either public or private IP addresses of target instances.
Authentication methods: Password-based, key pair-based, temporary key pair-based.
References
Session Manager
This secure connection tool, provided by Cloud Assistant, requires Cloud Assistant Agent, which is automatically installed on ECS instances when you create them from Alibaba Cloud images.
Features:
Browser-based, no installation required.
Supports audit and post-incident troubleshooting.
Only connects to Alibaba Cloud instances.
Only supports command execution after instance connection establishments.
Network: No public IP address required, reducing security risks.
Authentication method: No password required.
References
VNC
Lets you connect to an ECS instance that is in the Running state, even when the instance operating system is starting, or the instance is in the Stopping state.
Features:
Browser-based, no installation required.
View the real-time interface of the operating system. By default, Linux may not include a GUI.
Bypasses security group restrictions and effective for troubleshooting connection issues.
Only connects to Alibaba Cloud instances.
Network: No public IP address required.
Authentication method: Password-based.
Reference
Alibaba Cloud Client
Lets you manage Alibaba Cloud resources. You can use it to connect to ECS instances in the cloud.
Features:
Requires installation before use.
Only connects to Alibaba Cloud instances.
Offers features beyond ECS instance connectivity, such as connect and view specific cloud services.
Network: Users can establish connections using either public or private IP addresses of target instances.
Authentication methods: Password-based, key pair-based, temporary key pair-based.
References
Third-party SSH client
Lets you connect to Linux ECS instances. Common SSH clients include OpenSSH, PuTTY, and Xshell.
Feature: Client installation may be needed.
Network: Requires either the assigned public IP address or the associated elastic IP address (EIP).
Authentication methods: Password-based, key pair-based.
References
Third-party RDP client
Lets you connect to Windows ECS instances. Common RDP clients include Microsoft Remote Desktop, Windows Remote Desktop, and Windows App.
Feature: Client installation may be needed.
Network: Requires the assigned public IP address or the associated EIP.
Authentication method: Password-based.
Reference
Connect to a Windows instance by using a username and password
FAQs
How do I check whether an ECS instance is assigned a public IP address?
To check whether an ECS instance is assigned a public IP address, find it on the Instance page in the ECS console and check the IP Address column. If the instance is assigned a public IP address, it will be followed by (Public) in the IP Address column, as shown below. For details on how to check the information of an ECS instance, see View instance information.
Why doesn't my ECS instance have a public IP address? How do I assign it one?
You may not have selected Assign Public IPv4 Address when creating the instance, as shown in the following figure. Enable public bandwidth to assign a public IP address to the instance.
How do I view the operating system of an ECS instance?
You can do this through the Instance page. Most operating systems are either Windows or Linux. If the instance runs Windows, there will be a Windows icon under Operating System, as shown below.
If the operating system of an ECS instance does not meet your business requirements, you can change it.
What is the default logon username of ECS instances?
The default logon username of an ECS instance is the one you set when you created the instance. For Linux ECS instances, the default logon username is root or ecs-user. For Windows, it's administrator. For information about the differences between the two, see Manage logon users for instances.
What is the default logon password of ECS instances?
ECS instances do not have a default logon password. You can configure a logon password or key pair when you create the instance. If you forget the password, you can reset it.
If you set the Logon Credential parameter to Key Pair or Set Later when you create an ECS instance, the instance does not have a logon password, and password-based authentication is disabled. You can use the password reset feature to configure a logon password.