To increase system security and simplify permissions management, you can create a regular user on a Linux Elastic Compute Service (ECS) instance and connect to the instance as that user by using an SSH key pair. To do so, log on to the instance and copy the ~/.ssh/authorized_keys file that stores the public key information to the .ssh directory of the regular user.
Working principle
When you create ECS instances, you can configure root or ecs-user as the logon username of the instances. Specific images support only ecs-user as the logon username. The supported default logon usernames are displayed on the ECS instance buy page. After you bind an SSH key pair to an ECS instance, the public key information is stored in the ~/.ssh/authorized_keys file. You can log on to the instance as root or ecs-user by using the SSH key pair. For more information, see Connect to a Linux instance by using a password or key or Connect to a Linux instance by using an SSH key pair.
When you create a regular user on a Linux instance, the .ssh/authorized_keys file does not exist in the home directory of the regular user. As a result, you cannot log on to the Linux instance as the regular user by using an SSH key pair. In this case, copy the ~/.ssh/authorized_keys file to the .ssh directory of the regular user. Then, you can use the private key file to log on to the Linux instance as the regular user.
For more information about SSH key pairs, see Overview of SSH key pairs.
Prerequisites
An SSH key pair is bound to a Linux instance. For information about how to bind an SSH key pair to a Linux instance, see Bind an SSH key pair.
Procedure
In this example, a user named user1 is created on an ECS instance that runs the Alibaba Cloud Linux 3.2104 LTS 64-bit operating system, and an SSH key pair is used to log on to the instance as user1. Perform the following steps:
Connect to the Linux instance to which you want to log on.
For more information, see Connect to a Linux instance by using a password or key.
Run the following commands to create a user whose name is user1 and view the home directory of the user.
Important: To create users, you must use the root user. If you configured ecs-user as the logon username during instance creation and log on to the instance as ecs-user, run the sudo su - command to switch to the root user before you create a user.
useradd user1
ls /home/
Run the following commands to switch to user1 and view the path to the home directory of user1:
su - user1
pwd
Run the following commands to create the .ssh directory in which you want to store an SSH key pair and grant permissions on the directory:
mkdir .ssh
chmod 700 .ssh
Run the exit command to exit user1. By default, you are switched to the root user.
Run the following commands to copy the authorized_keys file to the .ssh directory of user1 and go to the .ssh directory of user1.
Note: If you configured ecs-user as the logon username during instance creation, the path to the authorized_keys file is /home/ecs-user/.ssh.
cp /root/.ssh/authorized_keys /home/user1/.ssh/
cd /home/user1/.ssh
Run the ls -al command to view the owner and the group to which the authorized_keys file belongs. If the owner or the group of the authorized_keys file is not user1, run the chown user1:user1 authorized_keys command to change the owner and the group of the file.
Connect to the Linux instance as user1 by using an SSH key pair.
For more information, see Connect to a Linux instance by using an SSH key pair or Connect to a Linux instance by using a password or key. If you are logged on to the Linux instance as user1, the message that is shown in the following figure appears.
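As an added check that is not part of the original procedure, the following shell function verifies the state the steps above are meant to produce: the .ssh directory has mode 700, both the directory and authorized_keys are owned by the new user, and the key file is not writable by group or others. The function name check_ssh_perms is hypothetical, and the code assumes GNU stat as shipped on Linux.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (Linux).
# Usage, as root on the instance: check_ssh_perms /home/user1 user1

# check_ssh_perms HOME_DIR USER
# Returns 0 if HOME_DIR/.ssh and its authorized_keys file have the owner
# and modes the procedure sets up; otherwise prints each problem found
# and returns 1.
check_ssh_perms() {
    home=$1; user=$2; rc=0
    dir="$home/.ssh"
    file="$dir/authorized_keys"

    [ -d "$dir" ]  || { echo "missing directory: $dir"; return 1; }
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    # A file copied by root stays owned by root until chown is run.
    for p in "$dir" "$file"; do
        owner=$(stat -c '%U' "$p")
        [ "$owner" = "$user" ] || { echo "$p: owner $owner, expected $user"; rc=1; }
    done

    # The procedure sets the directory to 700 with chmod.
    dmode=$(stat -c '%a' "$dir")
    [ "$dmode" = "700" ] || { echo "$dir: mode $dmode, expected 700"; rc=1; }

    # sshd's default StrictModes setting refuses key files that group or
    # others can write, so flag a write bit in either of the last two
    # octal digits of the mode.
    fmode=$(stat -c '%a' "$file")
    case $fmode in
        *[2367]|*[2367]?) echo "$file: mode $fmode is group- or world-writable"; rc=1 ;;
    esac

    return "$rc"
}
```

If key-based logon as user1 fails after the copy, the lines this function prints point to the step that was missed.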
References
If multiple users or administrators want to access a Linux instance, you may need to add or manage other SSH key pairs for the instance. For information about how to manage SSH key pairs, see the following topics:
In addition to the SSH key pair-based connection method, ECS instances support other connection methods. For more information, see Connection method overview.