×
Community Blog Connecting to Linux Instances Using Key Pairs

Connecting to Linux Instances Using Key Pairs

In this article, we will see how to connect to Alibaba Cloud Linux instances using common SSH tools on Linux and OSX workstation.

This guide shows you how to connect to Alibaba Cloud Elastic Compute Service (ECS) Linux instances using common SSH tools on Linux and OSX workstations.

SSH key pair, or key pair for short, is a secure authentication method to remotely log on to your Alibaba Cloud Linux instance. It is a different solution from the typical username and password authentication. Compared with other authentication methods, SSH key pair authentication is more secure and is more convenient if you maintain multiple ECS instances.

You can generate a new key-pair and apply it to your instance, which allows you to connect using third-party tools. For example, you can connect using SSH on Linux or OSX workstations.

Generating a New SSH Key-pair

Before you can access your instances using SSH or SCP, you must generate a new SSH key-pair and apply the public key to your project. You can generate your own key-pairs manually by following the below steps

Linux and OSX Workstations

To generate a new SSH key-pair on Linux or OSX workstations:

Open a terminal on your workstation and use the ssh-keygen command to generate a new key-pair. Specify the -C flag to add a comment with your instance username, where [USERNAME] is the user on the instance for whom you will apply the key.

Make sure this user name already exists in the server or use root by default.

ssh-keygen -t rsa -f ~/.ssh/my-ssh-key -C [USERNAME]

1

Note: If the user does not exist on the instance, these steps are not going to work.

Restrict access to your my-ssh-key private key so that only you can read it and nobody can write to it.

chmod 400 ~/.ssh/my-ssh-key

Obtain the contents of the ~/.ssh/my-ssh-key.pub public key file with the cat command.

cat ~/.ssh/my-ssh-key.pub

The terminal shows your public key in the following form:

ssh-rsa [KEY_VALUE] [USERNAME] 

Where:

  1. [KEY_VALUE] is the generated public key value.
  2. [USERNAME] is your username.

2

Copy the output from the cat command and paste it as a new item when importing an Existing Key Pair in the Manage Key Pairs page.

At the bottom of the Manage Key Pairs page, click OK to save your new system-wide SSH key.

3

Note: The public key is NOT set to work across all the instances in your project.

Click on the Bind Instance link next to the key pair to assign the new key pairs to instances of your choice.

4

Or select the already created key pair when creating a new instance

5

Use the ssh command to connect to your instances.

6

Connecting Using SSH on Linux or OSX Workstations

In the console, find the external IP for the instance that you want to connect to. Go to the list of your instances.

Use the ssh command to connect to your instance. Specify your username and the external IP address for the instance that you want to connect to. Your username is the username that you setup in the instance. By default this will be the root account. For this example, the private key is at ~/.ssh/my-ssh-key.

ssh -i ~/.ssh/my-ssh-key [USERNAME]@[IP_ADDRESS] 

Where:

[USERNAME] is your username

[IP_ADDRESS] is the IP for your instance.

If the connection is successful, you can use the terminal to run commands on your instance. When you are done, use the exit command to disconnect from the instance.

Conclusion

Connecting to an Alibaba Cloud ECS instance with SSH is easy and is the preferred choice over password logins for additional security. For more information on using SSH key pairs on Windows, please refer to this documentation page.

0 1 0
Share on

Sabith

9 posts | 4 followers

You may also like

Comments

Sabith

9 posts | 4 followers

Related Products

  • Key Management Service

    Create, delete and manage encryption keys with Alibaba Cloud Key Management Service

    Learn More
  • Managed Security Service

    Identify vulnerabilities and improve security management of Alibaba Cloud WAF and Anti-DDoS and with a fully managed security service

    Learn More
  • Mobile Security

    Alibaba Cloud Mobile Security is an online mobile application security service that protects applications from potential risks, threats and vulnerabilities

    Learn More
  • Super Computing Cluster

    Super Computing Service provides ultimate computing performance and parallel computing cluster services for high-performance computing through high-speed RDMA network and heterogeneous accelerators such as GPU.

    Learn More