Key Pair
KeyPair is a secure and convenient login method often used for enterprise server batch management. A pair of keys (public key and private key) are generated through encryption algorithms, defaulting to RSA 4096-bit encryption.
Features and Advantages
Compared to password login, key login has the following advantages:
- Security: SSH key pair login authentication is more secure and reliable
- Convenience:
- Use the private key to log in to the target instance through the SSH client, no need to enter a password
- It is convenient for remote login to batch Linux instances for easy management
Usage Limitations
The use of SSH key pairs has the following limitations:
- Supports only Linux instances and instances that support CloudInit
- Only supports the creation of 4096-bit RSA key pairs
- When creating an instance from the console and choosing key login, a Linux instance can only bind one key pair
- If the system is reinstalled with a new key pair when the instance is created, the original key pair will be replaced
- If you need to log in to the instance using multiple key pairs, you can manually modify the
~/.ssh/authorized_keys
file in the instance to add multiple key pairs
Generation Method
- Generated by the interface provided by UCloud Global Cloud. The default is RSA 4096-bit encryption.
Note: If your key pair is generated by the key pair creation function of the console, please be sure to download and properly save the private key the first time you generate the key pair. When this key pair is bound to an instance, you will not be able to log in to the instance without the private key.
- Users generate with SSH key pair generator. The imported key pair supports only ssh-rsa encryption.
How to Use
- Create/Import key pair
Note: After successfully creating the SSH key pair, UCloud Global will save the public part of the SSH key pair. In a Linux instance, the public key content is placed in the
~/.ssh/authorized_keys
file. You need to download and properly keep the private key. The private key uses unencrypted PEM (Privacy-Enhanced Mail) encoded PKCS#8 format.
- Choose the just created key when creating/reinstalling the system and selecting password login.
- Open the SSH client
- Locate your private key file, e.g., private key file is
test.cer
- If necessary, run this command to ensure your key is not visible, example:
chmod 400 test.cer
- Connect to your instance, example:
ssh -i ~/Desktop/test.cer root@113.31.112.80