SSH key pairs are a secure and convenient method for logon authentication. This topic describes how to use an SSH key pair to connect to a Linux instance from a client that supports SSH commands.

Prerequisites

  • You have created an SSH key pair and downloaded the .pem private key file. For more information, see Create an SSH key pair.
  • You have created an instance.
  • You have bound a key pair to the instance.
  • You have allocated a public IP address or an Elastic IP (EIP) address to the instance.
  • The instance is in the Running state.
  • You have added security group rules to the security group to which the instance belongs to allow access over the corresponding port, such as the default port 22 for SSH. For more information, see Add security group rules.
    Network type NIC type Direction Authorization policy Protocol type Port range Priority Authorization type Authorization object
    VPC N/A Inbound Allow SSH (22) 22/22 1 IPv4 CIDR block 0.0.0.0/0
    Classic network Internet

Use key pairs in Windows

The following section uses PuTTYgen as an example to introduce how to convert the private key file format from .pem to .ppk. The section also describes how to use an SSH key pair to connect to a Linux instance.

  1. Download and install PuTTYgen and PuTTY.
    The download links are as follows:
  2. Convert the private key file format from .pem to .ppk.
    1. Start PuTTYgen.
      In this example, PuTTYgen 0.71 is used.
    2. Set Type of key to generate to RSA and click Load.
      windows_puttygen_1
    3. Select All Files.
      windows_puttygen_2
    4. Select the .pem private key file that you want to convert.
    5. In the dialog box that appears, click OK.
    6. Click Save private key.
    7. In the dialog box that appears, click Yes.
    8. Specify the name of the .ppk private key file and click Save.
  3. Start PuTTY.
  4. Configure the private key file that is used for authentication.
    1. Choose Connection > SSH > Auth.
    2. Click Browse….
    3. Select the .ppk private key file that has been converted.
    windows_putty_3
  5. Configure the required parameters to connect to a Linux instance.
    1. Click Session.
    2. In Host Name (or IP address), enter the account and public IP address of the instance.
      The format is root@IP address, such as root@10.10.xx.xxx.
    3. In Port, enter the port number 22.
    4. Set Connection type to SSH.
    windows_putty_4
  6. Click Open.
    If the following message appears, you have logged on to the instance by using the SSH key pair.windows_putty_5

Use key pairs in operating systems that support SSH commands (configured by using commands)

The following section describes how to use commands to configure the required parameters from a client that supports SSH commands. The section also describes how to use SSH commands to log on to a Linux instance.

  1. Find the path where the .pem private key file is stored, such as ~/.ssh/ecs.pem.
    The path and file name are only for reference. Modify the information based on your actual needs.
  2. Run the following command to modify the attribute of the private key file:
    chmod 400 [Path of the .pem private key file on your local PC]
    Example:
    chmod 400 ~/.ssh/ecs.pem
  3. Run the following command to connect to the instance:
    ssh -i [Path for the .pem private key file on your local PC] root@[Public IP address]
    Example:
    ssh -i ~/.ssh/ecs.pem root@10.10.xx.xxx

Use key pairs in operating systems that support SSH commands (configured by using the config file)

The following section describes how to use the config file to configure the required parameters from a client that supports SSH commands. The section also describes how to use SSH commands to connect to a Linux instance.

  1. Go to the .ssh directory under the root directory and modify the config file by using the following method:
    ~/.ssh/ecs.pem is the path of the private key file on your local PC.
    Host ecs    // Enter the name of the ECS instance.
    HostName 192. *. *. *   // Enter the public IP address of the ECS instance.
    Port 22   // Enter the port number. The default port number is 22.
    User root   // Enter the logon account.
    IdentityFile ~/.ssh/ecs.pem // Enter the path of the .pem private key file on the local PC.
  2. Save the config file.
  3. Restart SSH.
  4. Run the following command to connect to the instance:
    ssh [Name of the ECS instance]
    Example:
    ssh ecs