Creating a Key Pair

Overview

To ensure system security, you are recommended to use the key authentication mode to authorize the user who attempts to log in to an ECS. Therefore, you must use an existing key pair or create a new one for remote login authentication.

  • Creating a key pair
    If no key pair is available, create one. You can use either of the following methods:
    • Create a key pair using the management console. After the creation, the public key is automatically stored in the system, and the private key is manually stored in a local directory. For details, see section Creating a Key Pair Using the Management Console.
    • Create a key pair using puttygen.exe. After the creation, both the public key and private key are stored locally. For details, see section Creating a Key Pair Using puttygen.exe.
  • Using an existing key pair

    If a key pair is available locally, choose Key Pair in the navigation pane and click Import Key Pair and Select File on the right side of the page to import the key pair to the system. For details, see section Importing a Key Pair.

    NOTE:

    If the public key of the existing key pair is stored by clicking Save public key of puttygen.exe, the public key cannot be imported to the management console. If this key pair must be used for remote authentication, see section What Should I Do If a Key Pair Created Using puttygen.exe Cannot Be Imported to the Management Console? for troubleshooting.

Restrictions and Limitations

  • ECSs support the following encryption algorithms:
    • SSH-2 (RSA, 1024)
    • SSH-2 (RSA, 2048)
    • SSH-2 (RSA, 4096)
  • The private key is one of the most important functions for protecting your ECS during remote login. To ensure ECS security, you are limited to downloading the private key only once.

Creating a Key Pair Using the Management Console

  1. Log in to the management console.
  2. Under Computing, click Elastic Cloud Server.
  3. In the navigation pane, choose Key Pair.
  4. On the right side of the page, click Create Key Pair.
  5. Enter the key name.
  6. Click OK.
  7. In the displayed dialog box, click OK.

    You can view and save the private key according to the prompts. To ensure ECS security, you are limited to downloading the private key only once.

Creating a Key Pair Using puttygen.exe

  1. Obtain the public and private keys.

    1. Double-click puttygen.exe. The PuTTY Key Generator page is displayed.
      Figure 1 PuTTY Key Generator
    2. Click Generate.

      The key generator automatically generates a key pair that consists of a public key and a private key. The public key is shown in the red box in Figure 2.

      Figure 2 Obtaining the public and private keys

  2. Copy the public key content to a .txt file and save the file in a local directory.

    NOTE:

    Do not save the public key by clicking Save public key. Storing a public key by clicking Save public key of puttygen.exe will change the format of the public key content. Such a key cannot be imported to the management console.

  3. Save the private key.

    The format in which to save your private key varies depending on application scenarios:

    • Saving the private key in .ppk format
      When you are required to log in to a Linux ECS using PuTTY, you must use the .ppk private key. To save the private key in .ppk format, perform the following operations:
      1. On the PuTTY Key Generator page, choose File > Save private key.
      2. Save the converted private key, for example, kp-123.ppk, in a local directory.
    • Saving the private key in .pem format
      When you are required to log in to a Linux ECS using Xshell or attempt to obtain the password for logging in to a Windows ECS, you must use the .pem private key for authentication. To save the private key in .pem format, perform the following operations:
      1. Choose Conversions > Export OpenSSH key.
        NOTICE:

        If you use this private file to obtain the password for logging in to a Windows ECS, when you choose Export OpenSSH key, do not configure Key passphrase. Otherwise, obtaining the password will fail.

      2. Save the private key, for example, kp-123.pem, in a local directory.

  4. Import the public key to the system. For details, see section "Copying the public key content" in Importing a Key Pair.

Importing a Key Pair

If you store a public key by clicking Save public key of puttygen.exe, the format of the public key content will change. Such a key cannot be imported to the management console. To resolve this issue, obtain the public key content in correct format and import the content to the management console. For details, see section What Should I Do If a Key Pair Created Using puttygen.exe Cannot Be Imported to the Management Console?

  1. Log in to the management console.
  2. Under Computing, click Elastic Cloud Server.
  3. In the navigation tree, choose Key Pair.
  4. On the right side of the page, click Import Key Pair.
  5. Use either of the following methods to import the key pair:
    • Selecting a file
      1. On the Import Key Pair page, click Select File and select the locally stored public key.
        NOTE:

        When importing a key pair, ensure that the public key is imported. Otherwise, importing the key pair will fail.

      2. Click OK.

        After the public key is imported, you can change its name.

    • Copying the public key content
      1. Copy the content of the public key in .txt file into the Public Key Content text box.
      2. Click OK.
Registration