Workbench is a browser-based remote connection tool provided by Alibaba Cloud. You can use Workbench to connect to Linux instances without a password. Workbench also supports connections to instances that do not have public IP addresses.
Limits
Instance status: The instance must be in the Running status, and its Health Status must be Normal.
RAM permissions: If you are a Resource Access Management (RAM) user, contact your Alibaba Cloud account owner or an administrator to create a service-linked role and grant the required permissions to your RAM user.
Instance security group restrictions: Before you connect to the instance, follow the UI prompts to allow Workbench service-related IP addresses to access the instance. You can do this with a single click.
Maximum session duration: A Workbench remote connection session has a maximum duration of 6 hours. After this period, the connection automatically disconnects and you must reconnect to the instance.
The maximum session duration is also affected by external factors such as browsers. We recommend that you run long tasks in the background.
Method 1: Use a password-free connection (Recommended)
By default, password-free connections use Session Manager. If Session Manager is not enabled, a temporary SSH key pair is used instead.
Log on to the ECS console - Instances. At the top of the page, select a resource group and a region.
Find the target instance and click Remote Connection. In the dialog box that appears, click Log On Now for Connect Via Workbench.
On the Log On To Instance page of Workbench, select Password-free Logon, enter a Username, and then click Log On.
The following figure shows a successful logon:
Method 2: Use a terminal connection (SSH)
Log on to the ECS console - Instances. At the top of the page, select a resource group and a region.
Find the target instance and click Remote Connection. In the dialog box that appears, click Log On Now for Connect Via Workbench.
On the Log On To Instance page of Workbench, complete the following configurations and then click Log On.
Configuration item
Description
Instance
The information about the current instance is automatically filled in.
Connection Method
Select Terminal Connection. This method uses the Secure Shell (SSH) protocol to connect to the instance.
Network Connectivity
Select the Private IP address of the instance.
Authentication Method
ImportantSSH key authentication provides higher security than password authentication. We recommend that you attach a key pair and then use SSH key authentication to log on.
SSH key authentication
Username: The default username for a Linux instance is root.
If you set the logon name to ecs-user when you created the instance, enter ecs-user.
Private Key: Enter the content of the private key file. If the private key file is protected by a security token, you must also enter the Key Passphrase.
Password authentication
Username: The default username for a Linux instance is root.
If you set the logon name to ecs-user when you created the instance, enter ecs-user.
Password: If you forgot the password or have not set one, you must first reset the password.
Select this option to save your logon information after a successful logon. You can then use the saved credential for subsequent logons to the instance.
The following figure shows a successful logon.
More features
Set the destination SSH port
You can set the SSH connection port in the More Options section on the Log On To Instance page, as shown in the following figures.
|
|
Use credential authentication
Credential Authentication is a feature similar to a "remember password" function. It lets you save your username and password or username and key pair as a credential. For subsequent logons, you can select the saved credential instead of re-entering the information.
Credentials are not shared with other users. Only the user who creates a credential can use it to log on to the instance.
Save a logon credential
As shown in the figure, select the option to save the logon information when you log on to an instance. After a successful logon, you can use credential authentication for subsequent logons.
Use a credential to log on to an instance
As shown in the figure, when you specify a username to log on to an instance, you can use the Select Credential option to log on with a saved credential.
FAQ
How does Workbench connect to an instance over a private network?
When you connect to an instance in Workbench using its private IP address, a reverse access rule is automatically created in the instance's VPC. This rule establishes a secure, bidirectional communication channel. To view or manage the rule, click in the top menu bar.
What is the default or initial logon name for an instance?
The default username for a Linux instance is root. If you selected ecs-user when you created the instance, use ecs-user as the username.
What is the default or initial password for an instance?
Instances do not have a default or initial password. To set a password, you can reset the password.
Troubleshoot remote connection failures
If you cannot remotely connect to an instance, you can first use the self-service diagnostic tool to troubleshoot the issue. For manual troubleshooting, see Troubleshoot connection issues for Linux instances.
Use the self-service diagnostic tool for troubleshooting
The Alibaba Cloud self-service troubleshooting tool can quickly detect common issues that cause connection failures. To use the tool, follow these steps:
Click to go to self-service troubleshooting page, and switch to the target region.
Click Start Diagnostics under Instance Connection Failure. Follow the on-screen prompts to select the problematic instance and then click Start Diagnostics.
After the diagnostics are complete, follow the on-screen instructions to fix the issue.