This topic describes how to create an SSH key pair in the Elastic Compute Service (ECS) console. After an SSH key pair is created, its private key is automatically downloaded. You must securely store the private key and ensure its confidentiality. To log on to an ECS instance to which an SSH key pair is bound, you must provide the private key. You can have a maximum of 500 key pairs within a region.


  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > SSH Key Pairs.
  3. In the top navigation bar, select a region.
  4. Click Create SSH Key Pair.
  5. On the Create SSH Key Pair page, configure the parameters described in the following table.
    Parameter Description
    SSH Key Pair Name Enter a name for the key pair. The key pair name must be unique. The name must be 2 to 128 characters in length and can contain letters, digits, periods (.), underscores (_), hyphens (-), and colons (:). It cannot start with a digit or special character.
    Creation Type Select a method of creating the key pair. We recommend that you select Auto-create. Then, you must securely store the private key in a timely manner and ensure its confidentiality.
    • Auto-create: The system creates a key pair for you. The private key is automatically downloaded after the key pair is created. The private key can be downloaded only once. You must securely store the private key file and ensure its confidentiality.
    • Import: You can import a Base64-encoded public key.
    Resource Group You can assign the key pair to a resource group for easy management. For more information, see Resource groups.
    Tag Select one or more tags to add to the key pair. You can add one or more tags to a key pair to facilitate resource search and aggregation. For more information, see Overview.
  6. Click OK.


After the key pair is created, your browser downloads the private key file (<Key pair name>.pem) to your computer.
Notice Private key files are downloaded to your computer only when Auto-create is selected. Private key files are not saved in the ECS console and cannot be recovered if they are lost. Make sure that you securely store your private key files and ensure their confidentiality.

What to do next

Before you can use a created key pair to log on to an instance, you must bind the key pair to the instance.