You can create an SSH key pair in the Elastic Compute Service (ECS) console. You can also use a third-party tool to generate an SSH key pair and import its public key to Alibaba Cloud.


The public key information of the SSH key pair to be imported is obtained. For information about how to obtain the public key information of SSH key pairs, see View public key information.

Background information

  • Do not import the private key. You must keep the private key secure. To log on to an ECS instance bound with an SSH key pair, you must have the private key.
  • Only one public key can be imported into an ECS instance.

Each Alibaba Cloud account can have a maximum of 500 key pairs within a region. For more information, see Limits.

Imported public keys must be encoded in Base64 and support one of the following encryption methods:
  • rsa
  • dsa
  • ssh-rsa
  • ssh-dss
  • ecdsa


  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > SSH Key Pairs.
  3. In the top navigation bar, select a region.
  4. Click Create SSH Key Pair.
  5. Enter an SSH key pair name and set Creation Type to Import.
    Note The SSH key pair name must be unique. Otherwise, you are prompted that the name is already in use.
  6. In the Public Key field, enter the public key to be imported.
  7. Click OK.

What to do next

Bind an SSH key pair to an instance