Select a method to connect to an instance - Elastic Compute Service

Before you can perform O&M operations, such as installing software or deploying services, on an Elastic Compute Service (ECS) instance that you created, you must first connect to the instance. Alibaba Cloud allows you to connect to an ECS instance by using SSH, Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), or Session Manager, and has developed multiple connection tools for this purpose. You can select an appropriate method and tool to connect to ECS instances based on your business requirements.

Connection methods overview

In most cases, you can use SSH and RDP to connect to Linux and Windows ECS instances, respectively. In addition, Alibaba Cloud Session Manager facilitates connecting to ECS instances, while VNC lets you connect to ECS instances for troubleshooting.

Note

RDP is a remote desktop protocol specific to Windows. You can connect to a Windows ECS instance with RDP and manage the instance with a GUI.

The following table shows the details of each connection method:

Connection method	Instance Operating System(s)	Use in browser	Additional installation needed	Network	Authentication method	References
Alibaba Cloud Workbench	Linux, Windows	Yes	No	Use the public IP or private IP address¹	Support for Linux logon: Password-based authentication Key pair-based authentication Password-free² Support for Windows logon: Password-based authentication	Use Workbench to connect to a Linux instance over SSH Use Workbench to connect to a Windows instance over RDP
VNC	Linux, Windows	Yes	No	Internet connectivity not required	Password-based authentication	Connect to an instance by using VNC
Third-party SSH client	Linux	No	OpenSSH, PuTTY, or XShell	Must use the public IP address of the instance	Password-based authentication Key pair-based authentication	Connect to an instance by using third-party client tools
RDP client	Windows	No	Use Windows Remote Desktop directly or install an RDP client	Must use the public IP address of the instance	Password-based authentication	Connect to a Windows instance by using a username and password
Session Manager	Linux, Windows	Yes, or use this feature in Alibaba Cloud Client	Must have Cloud Assistant Agent installed on the ECS instance	Internet connectivity not required	Must log on to your Alibaba Cloud account or RAM user No need to use a password	Connect to an instance by using Session Manager Use Alibaba Cloud Client to manage ECS instances
Alibaba Cloud Client	Linux, Windows	No	Alibaba Cloud Client	Use the public IP or private IP address	Support for Linux logon: Password-based authentication Key pair-based authentication Password-free Support for Windows logon: Password-based authentication	Use Alibaba Cloud Client to manage ECS instances Connect to an ECS instance by using Remote Desktop

¹Public IP or private IP address: An ECS instance has both public and private IP addresses. The methods and tools that you can use to connect to an ECS instance vary based on the instance IP address type. After you create an ECS instance, you can view its IP addresses on the Instance page in the ECS console.

²Password-free: Though you do not need to enter a password, Alibaba Cloud Assistant generates a temporary SSH key pair for you in the backend, with a validity period of 1 minute.

Learn more

VNC connection

When you connect to an ECS instance by using VNC, you must log on to your Alibaba Cloud account or Resource Access Management (RAM) user. You cannot connect to stopped ECS instances by using VNC.
Starting July 10, 2023, you can securely connect to an ECS instance by using VNC without the need to provide VNC logon passwords.
Common scenario: If you cannot connect to an ECS instance due to incorrect firewall settings, high CPU utilization, or high bandwidth utilization, you can use VNC to connect to the instance to perform troubleshooting.

Session Manager

Session Manager is a feature provided by Cloud Assistant that allows you to connect to ECS instances without the need to use passwords or jump servers. For more information about Session Manager, see Session Manager.
To use Session Manager, you must install Cloud Assistant Agent on an ECS instance. Cloud Assistant Agent is automatically installed on most types of ECS instances when they are created.
After you connect to an instance using Session Manager, whether you are using Windows or Linux, you must run a command.
Session Manager allows you to connect to ECS instances by using Cloud Assistant without the need for public IP addresses, which reduces intrusion risks.
Session Manager supports features such as audit to improve post-incident troubleshooting.
Compared with SSH and RDP, Session Manager establishes more secure connections to ECS instances.
If you prefer using commands to manage your ECS instances, we recommend that you use ali-instance-cli. For more information, see Connect to an instance by using ali-instance-cli.

ECS instance logon credentials

Obtain the logon credentials that you configured for the ECS instance during instance creation, as shown in the following figure.

A set of logon credentials can consist of either a username and password or a username and key pair. If you set Logon Credential to Set Later when you created the ECS instance, you can use one of the following methods to connect to the instance:

Use the Reset Password feature to configure a password for the instance and then connect to the instance by using the password. For information about how to use the Reset Password feature, see Reset the logon password of an ECS instance.
Connect to the instance without using a password through Workbench or Alibaba Cloud Client.