You can create an SSH key pair in the ECS console. You can also use a tool to generate a key pair and import its public key to Alibaba Cloud.


The public key information of the key pair to be imported is obtained. For information about how to obtain public key information of key pairs, see View public key information.

Background information

  • Do not import the private key. You must keep the private key safe. To log on to an ECS instance that is bound with a key pair, you must have the private key.
  • Only one public key can be imported into an ECS instance.

An Alibaba Cloud account can have a maximum of 500 key pairs within a region. For more information, see Limits.

An imported public key must be encoded in Base64 and support one of the following encryption methods:
  • rsa
  • dsa
  • ssh-rsa
  • ssh-dss
  • ecdsa


  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > SSH Key Pairs.
  3. In the top navigation bar, select a region.
  4. Click Create SSH Key Pair.
  5. Enter a key pair name and set Creation Type to Import.
    Note The name of the SSH key pair must be unique. Otherwise, you will be prompted that the name is already in use.
  6. In the Public Key field, enter the public key to be imported.
  7. Click OK.

What to do next

Bind an SSH key pair to an instance