Elastic Compute Service:Connect to a Linux instance by using the config_ecs_instance_connect plug-in

Procedure

1. Run the following command on Session Manager Client to generate a Rivest-Shamir-Adleman (RSA) public key and key file:

   ssh-keygen -t rsa

   Press the Enter key as prompted. A command output similar to the following one indicates that the public key and key file are generated.

   Note The default path of the generated public key is ~/.ssh/id_rsa.pub.
2. Use Cloud Assistant to run the following command to install and enable the config_ecs_instance_connect plug-in on the instance to which you want to connect.
   For more information, see Run a command.

   acs-plugin-manager -e -P config_ecs_instance_connect --params --install

3. Send the SSH public key to the instance.
   You can use one of the following methods to send the SSH public key to the instance:

   • Call an API operation.

     Call the InvokeCommand operation to run the common command named ACS-ECS-SendSshPublicKey-linux.sh to send the public key to the instance.

     Take note of the following parameters. For more information about the parameters of the InvokeCommand operation, see InvokeCommand.

     • CommandId: the ID of the command. Set the value to ACS-ECS-SendSshPublicKey-linux.sh.
     • username: the username used to connect to the instance. Default value: root.
     • sshpublickey: required. The content of the SSH public key. Set the value to the content of the id_rsa.pub file generated in Step 1.

     import com.aliyuncs.DefaultAcsClient;
     import com.aliyuncs.IAcsClient;
     import com.aliyuncs.exceptions.ClientException;
     import com.aliyuncs.exceptions.ServerException;
     import com.aliyuncs.profile.DefaultProfile;
     import com.google.gson.Gson;
     import java.util.*;
     import com.aliyuncs.ecs.model.v20140526.*;
     
     public class InvokeCommand {
     
         public static void main(String[] args) {
             DefaultProfile profile = DefaultProfile.getProfile("cn-beijing", "<accessKeyId>", "<accessSecret>");
             IAcsClient client = new DefaultAcsClient(profile);
     
             InvokeCommandRequest request = new InvokeCommandRequest();
             request.setRegionId("cn-beijing");
             request.setCommandId("ACS-ECS-SendSshPublicKey-linux.sh");
     
             List<String> instanceIdList = new ArrayList<String>();
             instanceIdList.add("i-xxxxxx");
             request.setInstanceIds(instanceIdList);
             request.setParameters("{\"username\":\"root\", \"sshpublickey\":\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDftEm8H5A19FXv5SCVzHqmS9vg+8B4wsp9M/U/vKwPMlM0fJr8Z52ErGnEnpFA24hLSf/Ffpht19tp+QtsYhVcg xxx\"}");
     
             try {
                 InvokeCommandResponse response = client.getAcsResponse(request);
                 System.out.println(new Gson().toJson(response));
             } catch (ServerException e) {
                 e.printStackTrace();
             } catch (ClientException e) {
                 System.out.println("ErrCode:" + e.getErrCode());
                 System.out.println("ErrMsg:" + e.getErrMsg());
                 System.out.println("RequestId:" + e.getRequestId());
             }
     
         }
     }

   • Use Cloud Assistant.
     1. Log on to the ECS console.
     2. In the left-side navigation pane, choose Maintenance & Monitoring > ECS Cloud Assistant.
     3. Click the Common Commands tab.
     4. Find ACS-ECS-SendSshPublicKey-linux.sh in the Command Name/ID column and click Create Task in the Actions column.
     5. In the Create Task panel, configure parameters.
        • Take note of the following parameters:
          • username: the username used to connect to the instance. Default value: root.
          • sshpublickey: required. The content of the SSH public key. Set the value to the content of the id_rsa.pub file generated in Step 1.
        • Select Instances: Select the instance to which you want to connect.
        
     6. Click Create Task.
4. Connect to the instance without a password.
   You can use the public IP address or ID of the instance to connect to the instance without a password.

   • Connect to the instance by using its public IP address without a password.

     ssh -i ~/.ssh/id_rsa username@instance_ip 

     Note In the preceding command, replace ~/.ssh/id_rsa with the actual path of the private key, username with the username that you want to use to connect to the instance, and instance_ip with the public IP address of the instance.
   • Connect to the instance by using its ID without a password.

     ssh -i ~/.ssh/id_rsa username@instance_id 

     Note

     • Make sure that ali-instance-cli is installed on Session Manager Client. For more information, see Linux and macOS operating systems or Windows operating systems.
     • In the preceding command, replace ~/.ssh/id_rsa with the actual path of the private key, username with the username that you wan to use to connect to the instance, and instance_id with the ID of the instance.

FAQ

When I attempt to connect to the instance in password-free mode, why am I still prompted for a password?

A public key remains valid for only 60 seconds after it is registered with an instance. Check whether your public key has expired.

An error is reported when I install the config_ecs_instance_connect plug-in by using Cloud Assistant or by running a common Cloud Assistant command. How do I identify the issue?