Workbench allows multiple users to connect to a single Elastic Compute Service (ECS) instance at the same time and provides a GUI for users to manage files in Linux instances. Workbench is more efficient and convenient than Virtual Network Console (VNC).
Prerequisites
- A logon password is set for or a key pair is bound to the Linux instance to which you want to connect.
- The instance is in the Running state.
- Security group rules are added to allow the IP addresses related to the Workbench service to access the instance. For more information about the security group rules, see the Add security group rules to allow Workbench access to a Linux instance section.
Background information
By default, a Workbench remote session persists for 6 hours. If you do not perform operations for 6 hours, the remote connection is closed. You must reconnect to the instance.
- SSH: By default, Linux instances are connected by using SSH. SSH can also be used to connect to Windows instances on which a GNU-like system such as Cygwin is installed. For information about how to connect to a Linux instance over SSH, see the Connect to a Linux instance over SSH section.
- Remote Desktop Protocol (RDP): By default, Windows instances are connected by using
RDP. RDP can also be used to connect to Linux instances on which remote desktop services
are enabled. For information about how to connect to a Linux instance over RDP, see
the Connect to a Linux instance over RDP section.
Note If you want to connect to an instance over RDP, make sure that the public bandwidth is at least 5 Mbit/s. If the public bandwidth is less than 5 Mbit/s, the remote desktop freezes.
You can use the GUI provided by Workbench to manage files in your Linux instances in a visual manner. For more information, see Use Workbench to manage files in a Linux instance.
Connect to a Linux instance over SSH
- Check whether the sshd service (such as sshd in Linux) is enabled. If not, enable the sshd service.
- Check whether the required terminal connection port (typically port 22) is enabled. If not, enable the port.
- If you want to log on to the Linux instance as the root user, make sure that
PermitRootLogin yes
andPasswordAuthentication yes
are configured in the /etc/ssh/sshd_config file. For more information, see the Enable root logon over SSH on a Linux instance section.
Connect to a Linux instance over RDP
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select a region.
- On the Instances page, find the instance to which you want to connect, and click Connect in the Actions column.
- In the Connection and Command dialog box, click Connect in the Workbench Connection section.
- In the Instance Login dialog box, specify parameters.
- Click OK.
- Check whether a remote desktop service (such as xfreerdp installed on Linux) is enabled. If not, enable a remote desktop service.
- Check whether the required remote desktop port (typically port 3389) is enabled. If not, enable the port.
- If you want to log on to the Linux instance as the root user, make sure that
PermitRootLogin yes
andPasswordAuthentication yes
are configured in the /etc/ssh/sshd_config file. For more information, see the Enable root logon over SSH on a Linux instance section.
Enable root logon over SSH on a Linux instance
In some Linux systems, sshd disables root logon by default. If this occurs, when you attempt to connect to an instance as the root user over SSH, you are prompted that your username or password is incorrect. To enable root logon over SSH, perform the following operations.
Add security group rules to allow Workbench access to a Linux instance
- If you want to connect to a Linux instance in a VPC, find a security group of the
instance, go to the Security Group Rules page, and then add a rule on the Inbound tab. The following table describes the parameters to be configured for the rule.
NIC Type Rule Direction Action Protocol Type Port Range Priority Authorization Type Authorization Object N/A Inbound Allow - If port 22 is enabled by default on the Linux instance, select SSH (22).
- If you have manually enabled other ports on the Linux instance, select Custom TCP.
- If port 22 is enabled by default on the Linux instance, 22/22 is automatically entered after you select the protocol type.
- If you have manually enabled other ports on the Linux instance, enter a corresponding port range.
1 IPv4 CIDR Block - If you want to connect to the instance by using its public IP address, specify 161.117.90.22. The public IP address can be the public IP address that is automatically assigned to the instance or an elastic IP address (EIP) that is associated with the instance.
- If you want to connect to the instance by using its private IP address, specify 100.104.0.0/16.
Note You can also specify 0.0.0.0/0 as the authorization object to allow inbound access from all IP addresses. However, this imposes security risks. Proceed with caution. - If you want to connect to a Linux instance in the classic network over the Internet,
find a security group of the instance, go to the Security Group Rules page, and then add a rule on the Internet Ingress tab. The following table describes the parameters to be configured for the rule.
NIC Type Rule Direction Action Protocol Type Port Range Priority Authorization Type Authorization Object Public Inbound Allow - If port 22 is enabled by default on the Linux instance, select SSH (22).
- If you have manually enabled other ports on the Linux instance, select Custom TCP.
- If port 22 is enabled by default on the Linux instance, 22/22 is automatically entered after you select the protocol type.
- If you have manually enabled other ports on the Linux instance, enter a corresponding port range.
1 IPv4 CIDR Block If you want to connect to the instance by using its public IP address, specify 161.117.90.22. The public IP address can be the public IP address that is automatically assigned to the instance or an EIP that is associated with the instance. Note You can also specify 0.0.0.0/0 as the authorization object to allow inbound access from all IP addresses. However, this imposes security risks. Proceed with caution. - If you want to connect to a Linux instance in the classic network over the internal
network, security group of the instance, go to the Security Group Rules page, and then add a rule on the Internal Network Ingress tab. The following table describes the parameters to be configured for the rule.
NIC Type Rule Direction Action Protocol Type Port Range Priority Authorization Type Authorization Object N/A Inbound Allow - If port 22 is enabled by default on the Linux instance, select SSH (22).
- If you have manually enabled other ports on the Linux instance, select Custom TCP.
- If port 22 is enabled by default on the Linux instance, 22/22 is automatically entered after you select the protocol type.
- If you have manually enabled other ports on the Linux instance, enter a corresponding port range.
1 IPv4 CIDR Block If you want to connect to the instance by using its internal IP address, specify 161.117.90.22. Notice High security risks may arise if you specify 0.0.0.0/0 as the authorization object. We recommend that you do not specify 0.0.0.0/0.