This guide shows you how to connect to Alibaba Cloud Elastic Compute Service (ECS) Linux instances using common SSH tools on Linux and OSX workstations.
SSH key pair, or key pair for short, is a secure authentication method to remotely log on to your Alibaba Cloud Linux instance. It is a different solution from the typical username and password authentication. Compared with other authentication methods, SSH key pair authentication is more secure and is more convenient if you maintain multiple ECS instances.
You can generate a new key-pair and apply it to your instance, which allows you to connect using third-party tools. For example, you can connect using SSH on Linux or OSX workstations.
Before you can access your instances using SSH or SCP, you must generate a new SSH key-pair and apply the public key to your project. You can generate your own key-pairs manually by following the below steps
To generate a new SSH key-pair on Linux or OSX workstations:
Open a terminal on your workstation and use the ssh-keygen command to generate a new key-pair. Specify the -C flag to add a comment with your instance username, where [USERNAME] is the user on the instance for whom you will apply the key.
Make sure this user name already exists in the server or use root by default.
ssh-keygen -t rsa -f ~/.ssh/my-ssh-key -C [USERNAME]
Note: If the user does not exist on the instance, these steps are not going to work.
Restrict access to your my-ssh-key private key so that only you can read it and nobody can write to it.
chmod 400 ~/.ssh/my-ssh-key
Obtain the contents of the ~/.ssh/my-ssh-key.pub public key file with the cat command.
The terminal shows your public key in the following form:
ssh-rsa [KEY_VALUE] [USERNAME]
Copy the output from the cat command and paste it as a new item when importing an Existing Key Pair in the Manage Key Pairs page.
At the bottom of the Manage Key Pairs page, click OK to save your new system-wide SSH key.
Note: The public key is NOT set to work across all the instances in your project.
Click on the Bind Instance link next to the key pair to assign the new key pairs to instances of your choice.
Or select the already created key pair when creating a new instance
Use the ssh command to connect to your instances.
In the console, find the external IP for the instance that you want to connect to. Go to the list of your instances.
Use the ssh command to connect to your instance. Specify your username and the external IP address for the instance that you want to connect to. Your username is the username that you setup in the instance. By default this will be the root account. For this example, the private key is at ~/.ssh/my-ssh-key.
ssh -i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS]
[USERNAME] is your username
[IP_ADDRESS] is the IP for your instance.
If the connection is successful, you can use the terminal to run commands on your instance. When you are done, use the exit command to disconnect from the instance.
Connecting to an Alibaba Cloud ECS instance with SSH is easy and is the preferred choice over password logins for additional security. For more information on using SSH key pairs on Windows, please refer to this documentation page.
Alibaba Clouder - March 28, 2018
Alibaba Clouder - May 29, 2018
Marketplace - January 10, 2019
Alibaba Clouder - February 20, 2020
Alibaba Clouder - June 18, 2019
Alibaba Clouder - September 30, 2018
An industry-standard hardware security module (HSMs) deployed on Alibaba Cloud.Learn More
Deploy custom Alibaba Cloud solutions for business-critical scenarios with Quick Start templates.Learn More
Alibaba Cloud is committed to safeguarding the cloud security for every business.Learn More
Create, delete and manage encryption keys with Alibaba Cloud Key Management ServiceLearn More
More Posts by Sabith