After configuring your credentials for Alibaba Cloud Client, you can connect to and manage Elastic Compute Service (ECS) instances without a password or a public IP address. You can also use port forwarding to securely access services on your instances from your local machine.
Connect to an instance
Linux instances
You can connect to instances without a public IP address securely using Session Manager. For instances with a public IP address and an open port, you can connect directly using SSH.
Connect with Session Manager
Before connecting to an ECS instance using Session Manager, ensure that Session Manager is enabled.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select Start Session Manager from the Actions column.
Connect with SSH
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select Remote Connect (SSH) ... from the Actions column.
In the dialog box, configure the Username and Port Num, then select an authentication method from the Certifier list:
Temp KeyPair: This method generates a temporary key pair, pushes the public key to the instance via Cloud Assistant, and uses the private key for authentication. It simplifies access by eliminating the need to manage passwords or key files.
Password: Enter a password for your ECS instance.
KeyPair: Log in with an SSH private key file. You can obtain one in either of the following ways.
To enable passwordless login for future connections, select System Manager > Add SSH Key in the Actions column for the target instance to bind an SSH key to it.
In the ECS console, create a key pair (.pem file) and bind it to the ECS instance.
Manually bind a key pair to the ECS instance.
Click Connect to open the SSH terminal.
Windows instances
To use a graphical desktop, connect directly to instances with a public IP address, or use Cloud Assistant for instances without one. To use only a command-line interface, connect by using Session Manager.
Connect with Cloud Assistant
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select Port Forward (via Cloud Assistant) from the Actions column.
In the dialog box, configure the port forwarding rule (the local port must not be in use), and then click Start. The client launches your operating system's remote desktop application.
In the remote desktop connection window, enter the instance's login password to complete the connection.
Connect with Session Manager
Before connecting to an ECS instance using Session Manager, ensure that Session Manager is enabled.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select Start Session Manager from the Actions column.
By default, you log on to Windows instances as the system user. Session Manager provides command-line access only; it does not support a graphical user interface.
Connect with a public IP address
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select Remote Desktop ... from the Actions column.
In the dialog box, confirm the connection information and click Connect. The Alibaba Cloud Client launches your operating system's remote desktop application.
In the remote desktop connection window, enter the instance's login password to complete the connection.
Start and stop an instance
Stopping or rebooting an instance will interrupt your services. Proceed with caution.
Start an instance
In the instance list, find the target instance and select from the Actions column.
In the dialog box, confirm the instance information, and then click Start Instance.
Stop an instance
In the instance list, find the target instance and select from the Actions column.
In the dialog box, configure the stop mode, and then click Stop Instance.
Reboot an instance
In the instance list, find the target instance and select from the Actions column.
In the dialog box, confirm the instance information, and then click Reboot Instance.
Reset an instance password
The new password is transmitted over an encrypted channel and takes effect immediately without requiring a reboot.
In the instance list, find the target instance and select from the Actions column.
In the Reset Password dialog box, enter and confirm the new password, choose whether to enable or keep the original password login method, and then click Reset Password.
Enable release protection
To prevent a pay-as-you-go instance that hosts critical services from being accidentally deleted, enable release protection.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and choose in the Actions column.
Manage security groups
In the instance list, find the target instance and select View Security Groups from the Actions column.
You can view the security group ID, name, type, inbound and outbound rules, and description.
Manage the security group.
Add an inbound or outbound rule.
In the Actions column of the security group, select Add Ingress Rule or Add Egress Rule.
Enter the detailed rule information. For parameter details, see Security group rules.
Modify an authorization policy.
In the row of the security group, click the number in the Ingress Rules or Egress Rules column.
In the Actions column, click Modify Policy.
Select Allow or Deny, and click Modify Policy.
Upload and download files
This feature is available only for Linux instances with a public IP address.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select File Manager (SFTP) ... from the Actions column.
In the dialog box, configure the Username and Port Num, then select an authentication method from the Certifier list:
Temp KeyPair: This method generates a temporary key pair, pushes the public key to the instance via Cloud Assistant, and uses the private key for authentication. It simplifies access by eliminating the need to manage passwords or key files.
Password: Enter a password for your ECS instance.
KeyPair: Log in with an SSH private key file. You can obtain one in either of the following ways.
To enable passwordless login for future connections, select System Manager > Add SSH Key in the Actions column for the target instance to bind an SSH key to it.
In the ECS console, create a key pair (.pem file) and bind it to the ECS instance.
Manually bind a key pair to the ECS instance.
In the file list, find the target file or directory.
You can use the client to transfer files between an ECS instance and an Object Storage Service (OSS) bucket.
To download a file or folder, select Download File or Download Folder in the corresponding Actions column.
To upload a file or folder, select Upload Folder or Upload File above the file list.
Port forwarding (via Cloud Assistant)
Port forwarding lets you remotely connect to a port on an instance without a public IP address. It forwards network traffic from a local port to a port on the instance, providing a convenient and secure way to access services running on the instance. For example, if you have a web application running on port 80 of an ECS instance that does not have a public IP address, you can use port forwarding to access it from a browser on your local computer.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select Port Forward (via Cloud Assistant) ... from the Actions column. In the dialog box, enter the server port number (the service's port on the instance) and the local port number (the listening port on your local machine). You can also configure options to print request/response content or automatically open a webpage for the local port on startup. Click Start.
View the port forwarding logs in the client.
Run remote commands
To quickly perform routine maintenance on instances, such as batch-installing or uninstalling software, resetting user passwords, or running automated O&M scripts, run remote commands on your ECS instances.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select from the Actions column. In the Run Command dialog box, enter your automation script and then click Send.
Release an instance
Once an instance is released, its data cannot be recovered. Before releasing an instance, back up its data by creating a snapshot if necessary.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select in the Actions column.
In the dialog box, confirm the instance information and click Release Instance.
FAQ
Why can't I see any data when I view instance monitoring in the client?
To view monitoring data in the client, you must first grant the AliyunCloudMonitorMetricDataReadOnlyAccess permission to the signed-in RAM user.
How do I set up an SSH key file for passwordless login?
To enable passwordless login to an ECS instance without needing to enter a password or select a key file, add an SSH key in the client for an ECS instance that has a key pair bound to it.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select from Actions column.
In the Add SSH Key dialog box, select your local SSH key file, choose whether to append or replace the key, and then click Add SSH Key.
How do I download a file from an OSS bucket to an instance using the client?
Ensure the signed-in RAM user has the AliyunOSSFullAccess permission.
The client supports both downloading files from OSS to an instance and uploading instance files to OSS.
On the Alibaba Cloud Client Home page, click ECS. Above the instance list, select the region where your instance is located.
In the instance list, find the target instance and select File Manager (SFTP) ... from the Actions column.
In the dialog box, configure the Username and Port Num, then select an authentication method from the Certifier list:
Temp KeyPair: This method generates a temporary key pair, pushes the public key to the instance via Cloud Assistant, and uses the private key for authentication. It simplifies access by eliminating the need to manage passwords or key files.
Password: Enter a password for your ECS instance.
KeyPair: Log in with an SSH private key file. You can obtain one in either of the following ways.
To enable passwordless login for future connections, select System Manager > Add SSH Key in the Actions column for the target instance to bind an SSH key to it.
In the ECS console, create a key pair (.pem file) and bind it to the ECS instance.
Manually bind a key pair to the ECS instance.
In the file list, find the target file or directory.
To upload an instance file to OSS, select Upload to OSS from the Actions column of the instance.
To download a file from OSS, above the file list, click Download OSS File.
Why can't I log in with a temporary key pair or connect to an ECS instance with Cloud Assistant?
This functionality depends on Cloud Assistant Agent running properly on the instance. Since December 1, 2017, Cloud Assistant Agent has been pre-installed on all ECS instances created from public images. If the agent is not installed on your instance, you must manually install Cloud Assistant Agent.