Help Center

Elastic Cloud Server

Product Overview
User Guide
Subscription Guide
Beginner's Guide
Quick Start
ECS Instance
Monitoring the Cloud Server
Best Practices
Troubleshooting
FAQs
Agreements

Introduction to Key Pair Usage Scenarios

2025-11-25 06:58:28

Key pair

Key pair, also known as SSH key pair, is an authentication method for remote login to cloud server, which is different from the traditional username and password login method.

The key pair consists of a public key and a private key, with the public key kept in the system and the private key kept locally by the user. If the user configures the public key in the Linux cloud server, they can use the private key to log in to the Linux cloud server without entering the password. By using the key pair to log in to Linux cloud server, you can prevent the password from being intercepted or cracked and the account password from being leaked, thereby improving the security of the Linux cloud server.

You can manage key pairs by creating, importing, binding, viewing, resetting, replacing, unbinding, and deleting them.

Scenarios

It is recommended that users choose to use key pairs for identity authentication when purchasing ECS.

By associating the public key with the cloud server, SSH authentication is implemented to ensure that only users holding the corresponding private key can access the server. This improves the security of remote access and prevents unauthorized access.

If you purchase an ECS running Linux OS, you can use a key pair to remotely log in to the cloud server without entering the password.

· When creating an ECS, select the Linux image and select key pair login method. For details, see "Advanced Configuration" in Getting Started: Purchasing and Logging in to Linux ECS.

· After the ECS is created, bind the key pair to the cloud server by binding/replacing key pairs for cloud server.

Instructions for Creating Key Pair

You can use an existing key pair or create a new one for remote login authentication.

Create a new key pair

If there is no key pair available, you need to create a new key pair and provide the private key for authentication when logging in to the ECS to implement remote login authentication. You can create a key pair in the following ways:

Creating a key pair on the console: The public key is automatically kept in the system, while the private key is kept locally by the user.

Note

In order to ensure the security of the cloud server, the private key can only be downloaded once. If the private key is lost, you will not be able to log in to the cloud server, please keep it properly.

After a new key pair is created, you can view the SSH key pair list page and click the Refresh button in the upper right corner of the list to view the creation of the SSH key pair.

Use an existing key pair

If you wish to use a locally existing key pair, you can import the key pair public key in the Management Console and have the system maintain your public key file. For details, see Importing a Key Pair.

Restriction and Limitations

· The key pair only supports remote login to Linux cloud server.

· The key pair can only be used by cloud servers in this region.

· SSH-2 key pairs created via the Management Console only support the RSA-2048 encryption/decryption algorithm.

· The encryption/decryption algorithms supported by externally imported key pairs are:

RSA-1024

RSA-2048

RSA-4096

· In order to ensure the security of the cloud server, the private key can only be downloaded once. If the private key is lost, you will not be able to log in to the cloud server, please keep it properly.


The previous article -  Key Pair
The next article -  Create a key pair in the console
wesWQ.qHRBUs