This document describes how to use an SSH key pair to log on to a Linux instance in the following OSs:

Note You can also use your account and password to connect to a Linux instance. For detailed operations, see connect to a Linux instance by using a password and connect to an instance by using the Management Terminal.

Local Windows OS

The following uses PuTTY and PuTTYgen as an example to describe how to use a key pair generated by Alibaba Cloud to log on to a Linux instance through the SSH remote access tool on a Windows OS.

Prerequisites

  • You have downloaded and installed PuTTY and PuTTYgen. The download links are as follows:

  • You have a Linux instance allocated with a key pair. You can allocate a key pair when creating an instance or bind a key pair for the instance.

  • The following security group rules must be added to the security group where the instance resides. For detailed operations, see add security group rules.
    Network type Network card type Rule direction Authorization policy Protocol type Port range Authorization type Authorization object Priority
    VPC Not required Inbound Allow SSH (22) 22/22 IP address segment–based access 0.0.0.0/0 1
    Classic network Internet

Procedure

  1. (Optional) If you are using a .pem private key file generated by Alibaba Cloud, you must do the following to convert it to a .ppk key file: If you are using a .ppk private key file, skip this step.
    Note You can download the .pem private key file when you create an SSH key pair.
    1. Start PuTTYgen. PuTTYgen 0.68 is used in this example.
    2. In the Parameters area, select RSA for Type of key to generate.
      Note You do not need to set Number of bits in a generated key. PuTTYgen will automatically updates the parameter value according to the information about the imported private key.


    3. Click Load, select All Files (*.*) from the drop-down list after the file name field, and then locate your .pem file.
      Note By default, only .ppk files are displayed.


    4. Select the .pem private key file you have downloaded from Alibaba Cloud and click Open.
    5. Click OK to close the confirmation dialog box.
    6. Click Save private key. In the PuTTYgen Warning dialog box indicating saving the key without a passphrase to protect it, click Yes.
    7. Set the private key name to the key pair name and save the name. PuTTY will automatically add the .ppk extension to the file.
  2. Start PuTTY.
  3. Choose Connection > SSH > Auth from the left navigation pane, click Browse… in the right pane, and then select the generated .ppk file.

  4. In the left navigation pane, click Session.
    • In the right pane, enter your account and the Internet IP address of the instance to be connected in the Host Name (or IP address) text box in root@ IP address format.
    • In the Port text box, enter the port number 22.
    • Select SSH for Connection type.



  5. Click Open to start connecting to your Linux instance.

When Connection established. is displayed, you have successfully logged on to the instance by using the key pair.

Local Linux OS or other OSs supporting SSH commands

This section describes how to use an SSH key pair to log on to a Linux instance on a Linux OS or an OS supporting SSH commands, for example, Windows MobaXterm.

Prerequisites

You have a Linux instance with a key pair allocated. You can allocate a key pair when creating an instance or bind a key pair for the instance.

The following security group rules must be added to the security group where the instance resides. For detailed operations, see add security group rules.

Network type Network card type Rule direction Authorization policy Protocol type Port range Authorization type Authorization object Priority
VPC Not required Inbound Allow SSH (22) 22/22 IP address segment–based access 0.0.0.0/0 1
Classic network Internet

Procedure

  • Method 1

    1. Locate the directory for saving the .pem private key file on your local PC, for example, /root/xxx.pem.
      Note You can download the .pem private key file when you create an SSH key pair. xxx.pem is your private key file.
    2. Run chmod 400 [Directory for saving the .pem private key file on your local PC] to modify the attributes of the private key file, for example, chmod 400 /root/xxx.pem.
    3. Run ssh -i [Directory for saving the .pem private key file on your local PC] root@[Internet IP address] to connect to the instance, for example, ssh -i /root/xxx.pem root@10.10.10.100.
  • Method 2

    You can simplify the connection commands through SSH configurations.

    1. Enter the ssh directory in the root directory and do the following to modify the config file:
      Host ecs    // Set the name of your ECS instance.
      HostName 192. *. *. * // Enter the Internet IP address of your ECS instance.
      Port 22   / Enter the port number, which is 22 by default.
      User Root // Enter your logon account.
      IdentityFile ~/.ssh/ecs.pem // Enter the directory for saving the .pem private key file on your local PC.
    2. Save the config file.
    3. Restart SSH.
    4. Run ssh [ECS name] to connect to your ECS instance, for example, ssh ecs.