Creates an SSH key pair. The system stores the public key and returns the unencrypted private key. The private key is PEM-encoded in the PKCS#8 format. You are responsible for storing the private key and ensuring its confidentiality.

Description

In addition to calling CreateKeyPair, you can create a key pair by using a third-party key pair generation tool and then calling the ImportKeyPair operation to upload the key pair to an Alibaba Cloud region.

A maximum of 500 key pairs can be created in each region. For more information, see Limits.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | CreateKeyPair | The operation that you want to perform. Set the value to CreateKeyPair. |
| RegionId | String | Yes | cn-hangzhou | The ID of the region in which to create the key pair. You can call the DescribeRegions operation to query the most recent region list. |
| KeyPairName | String | Yes | testKeyPairName | The name of the key pair. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). |
| ResourceGroupId | String | No | rg-bp67acfmxazb4p**** | The ID of the enterprise resource group to which the SSH key pair belongs. |
| Tag.N.Key | String | No | TestKey | The key of tag N to be bound to the key pair. Valid values of N: 1 to 20. The tag key cannot be an empty string. The tag key can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with aliyun or acs:. |
| Tag.N.Value | String | No | TestValue | The value of tag N of the key pair. Valid values of N: 1 to 20. The tag value can be an empty string. The tag value can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs:. |

Response parameters

| Parameter | Type | Example | Description |
|---|---|---|---|
| PrivateKeyBody | String | MIIEpAIBAAKCAQEAtReyMzLIcBH78EV2zj**** | The private key of the key pair. The private key is PEM-encoded in the PKCS#8 format. |
| KeyPairName | String | testKeyPairName | The name of the SSH key pair. |
| KeyPairId | String | ssh-bp67acfmxazb4p**** | The ID of the SSH key pair. |
| RequestId | String | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E | The ID of the request. |
| KeyPairFingerPrint | String | 89:f0:ba:62:ac:b8:aa:e1:61:5e:fd:81:69:86:6d:6b:f0:c0:5a:** | The fingerprint of the key pair. The fingerprint is calculated with the message-digest algorithm 5 (MD5), based on the public key fingerprint format defined in RFC 4716. For more information, see RFC 4716. |

Examples

Sample requests

https://ecs.aliyuncs.com/?Action=CreateKeyPair
&RegionId=cn-hangzhou
&KeyPairName=testKeyPairName
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateKeyPairResponse>
    <RequestId>473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E</RequestId>
    <KeyPairName>testKeyPairName</KeyPairName>
    <KeyPairId>ssh-bp67acfmxazb4p****</KeyPairId>
    <KeyPairFingerPrint>89:f0:ba:62:ac:b8:aa:e1:61:5e:fd:81:69:86:6d:6b:f0:c0:5a:**</KeyPairFingerPrint>
    <PrivateKeyBody>MIIEpAIBAAKCAQEAtReyMzLIcBH78EV2zj****</PrivateKeyBody>
</CreateKeyPairResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
  "KeyPairName" : "testKeyPairName",
  "KeyPairId" : "ssh-bp67acfmxazb4p****",
  "KeyPairFingerPrint" : "89:f0:ba:62:ac:b8:aa:e1:61:5e:fd:81:69:86:6d:6b:f0:c0:5a:**",
  "PrivateKeyBody" : "MIIEpAIBAAKCAQEAtReyMzLIcBH78EV2zj****"
}
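
Because PrivateKeyBody is returned unencrypted and you are responsible for keeping it confidential, the response should be written to an owner-only file and stripped of the key before anything is logged. The following is an added example, not part of the original documentation or any Alibaba Cloud SDK; the function name `save_key_pair`, the `.pem` file naming, the ASCII-only reading of "letters" and the placeholder key body are assumptions.

```python
import json
import os
import re
import tempfile

# Naming rule from the request-parameter table; ASCII letters are an assumption.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9:_-]{1,127}")

def save_key_pair(response_text, key_dir):
    """Write PrivateKeyBody to <key_dir>/<KeyPairName>.pem with mode 0600.

    Returns (path, metadata); metadata omits the private key and is safe to log.
    """
    resp = json.loads(response_text)
    name = resp.get("KeyPairName", "")
    body = resp.get("PrivateKeyBody")
    if not NAME_RE.fullmatch(name):
        # Also keeps '/' and '..' out of the file name built below.
        raise ValueError("unexpected KeyPairName in response")
    if not body:
        raise ValueError("response carries no PrivateKeyBody")
    os.makedirs(key_dir, mode=0o700, exist_ok=True)
    path = os.path.join(key_dir, name + ".pem")
    # O_EXCL refuses to overwrite an existing key; the 0600 mode is set at
    # creation, so the file is never readable by other users, even briefly.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, 0o600)  # in case the umask stripped bits from the mode
        fh.write(body if body.endswith("\n") else body + "\n")
    metadata = {k: v for k, v in resp.items() if k != "PrivateKeyBody"}
    return path, metadata

# Constructed sample response; the key body is a placeholder, not a real key.
SAMPLE_RESPONSE = json.dumps({
    "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
    "KeyPairName": "testKeyPairName",
    "KeyPairId": "ssh-bp67acfmxazb4p****",
    "PrivateKeyBody": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----",
})

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path, meta = save_key_pair(SAMPLE_RESPONSE, os.path.join(tmp, "keys"))
        print(path, oct(os.stat(path).st_mode & 0o777), meta)
```

The private key cannot be retrieved again after this call, so a failed write should be treated as a lost key pair and handled before the response object is discarded.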

Error codes

| HttpCode | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidKeyPairName.Malformed | Specified Key Pair name is not valid. | The error message returned because the specified KeyPairName parameter is invalid. |
| 400 | KeyPair.AlreadyExist | The key pair already exist. | The error message returned because a key pair with the same name already exists. Key pair names must be unique. |
| 400 | Duplicate.TagKey | The Tag.N.Key contain duplicate key. | The error message returned because the specified tag key already exists. Tag keys must be unique. |
| 400 | InvalidTagKey.Malformed | The specified Tag.n.Key is not valid. | The error message returned because the specified Tag.N.Key parameter is invalid. |
| 400 | InvalidTagValue.Malformed | The specified Tag.n.Value is not valid. | The error message returned because the specified Tag.N.Value parameter is invalid. |
| 403 | QuotaExceed.KeyPair | The key pair quota exceeds. | The error message returned because the maximum number of key pairs has been reached. |
| 403 | QuotaExceed.Tags | %s | The error message returned because the maximum number of tags has been reached. |
| 404 | InvalidResourceGroup.NotFound | The ResourceGroup provided does not exist in our records. | The error message returned because the specified ResourceGroupId parameter does not exist. |

For a list of error codes, visit the API Error Center.