Connecting to Linux Instances Using Key Pairs
This guide shows you how to connect to Alibaba Cloud Elastic Compute Service (ECS) Linux instances using common SSH tools on Linux and OSX workstations.
SSH key pair, or key pair for short, is a secure authentication method to remotely log on to your Alibaba Cloud Linux instance. It is a different solution from the typical username and password authentication. Compared with other authentication methods, SSH key pair authentication is more secure and is more convenient if you maintain multiple ECS instances.
You can generate a new key-pair and apply it to your instance, which allows you to connect using third-party tools. For example, you can connect using SSH on Linux or OSX workstations.
Generating a New SSH Key-pair
Before you can access your instances using SSH or SCP, you must generate a new SSH key-pair and apply the public key to your project. You can generate your own key-pairs manually by following the below steps
Linux and OSX Workstations
To generate a new SSH key-pair on Linux or OSX workstations:
Open a terminal on your workstation and use the ssh-keygen command to generate a new key-pair. Specify the -C flag to add a comment with your instance username, where [USERNAME] is the user on the instance for whom you will apply the key.
Make sure this user name already exists in the server or use root by default.
ssh-keygen -t rsa -f ~/.ssh/my-ssh-key -C [USERNAME]
Note: If the user does not exist on the instance, these steps are not going to work.
Restrict access to your my-ssh-key private key so that only you can read it and nobody can write to it.
chmod 400 ~/.ssh/my-ssh-key
Obtain the contents of the ~/.ssh/my-ssh-key.pub public key file with the cat command.
The terminal shows your public key in the following form:
ssh-rsa [KEY_VALUE] [USERNAME]
- [KEY_VALUE] is the generated public key value.
- [USERNAME] is your username.
Copy the output from the cat command and paste it as a new item when importing an Existing Key Pair in the Manage Key Pairs page.
At the bottom of the Manage Key Pairs page, click OK to save your new system-wide SSH key.
Note: The public key is NOT set to work across all the instances in your project.
Click on the Bind Instance link next to the key pair to assign the new key pairs to instances of your choice.
Or select the already created key pair when creating a new instance
Use the ssh command to connect to your instances.
Connecting Using SSH on Linux or OSX Workstations
In the console, find the external IP for the instance that you want to connect to. Go to the list of your instances.
Use the ssh command to connect to your instance. Specify your username and the external IP address for the instance that you want to connect to. Your username is the username that you setup in the instance. By default this will be the root account. For this example, the private key is at ~/.ssh/my-ssh-key.
ssh -i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS]
[USERNAME] is your username
[IP_ADDRESS] is the IP for your instance.
If the connection is successful, you can use the terminal to run commands on your instance. When you are done, use the exit command to disconnect from the instance.
Connecting to an Alibaba Cloud ECS instance with SSH is easy and is the preferred choice over password logins for additional security. For more information on using SSH key pairs on Windows, please refer to this documentation page.