forked from docs/doc-exports
wanghuijuan738
4d1fac645a
Reviewed-by: Pristromskaia, Margarita <margarita.pristromskaia@t-systems.com> Co-authored-by: wanghuijuan738 <wanghuijuan738@huawei.com> Co-committed-by: wanghuijuan738 <wanghuijuan738@huawei.com>
36 lines
7.0 KiB
HTML
36 lines
7.0 KiB
HTML
<a name="EN-US_TOPIC_0000001278335673"></a><a name="EN-US_TOPIC_0000001278335673"></a>
|
|
|
|
<h1 class="topictitle1">Application Scenarios for Using Key Pairs</h1>
|
|
<div id="body0000001278335673"><div class="section" id="EN-US_TOPIC_0000001278335673__section336851111274"><h4 class="sectiontitle">Key Pairs</h4><p id="EN-US_TOPIC_0000001278335673__p48923129273">Key pairs (SSH key pairs) are a set of security credentials for identity authentication when you remotely log in to ECSs.</p>
|
|
<p id="EN-US_TOPIC_0000001278335673__p12739174062815">A key pair consists of a public key and a private key. Key Pair Service (KPS) stores the public key and you store the private key. If you have bound a public key to a Linux ECS, you can use the corresponding private key, rather than a password, to log in to the ECS. You do not need to worry about password interception, cracking, or leakage.</p>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000001278335673__section72625177171"><h4 class="sectiontitle">Scenarios</h4><p id="EN-US_TOPIC_0000001278335673__p64851122187">When purchasing an ECS, you are advised to select the key pair login mode. For Windows ECSs, key pairs are required to decrypt the passwords so that you can use the decrypted password to log in.</p>
|
|
<ul id="EN-US_TOPIC_0000001278335673__ul114361152198"><li id="EN-US_TOPIC_0000001278335673__li14436191511190">Logging in to a Linux ECS<p id="EN-US_TOPIC_0000001278335673__p18838194782716"><a name="EN-US_TOPIC_0000001278335673__li14436191511190"></a><a name="li14436191511190"></a>You can directly use a key pair to log in a Linux ECS.</p>
|
|
<div class="p" id="EN-US_TOPIC_0000001278335673__p039916594416"><ul id="EN-US_TOPIC_0000001278335673__ul181461546172719"><li id="EN-US_TOPIC_0000001278335673__li71454469278">When creating an <span id="EN-US_TOPIC_0000001278335673__text1814518466273">ECS</span>, select the key pair login mode. For details, see "Set <strong id="EN-US_TOPIC_0000001278335673__b123888208254">Login Mode</strong>" in <a href="en-us_topic_0163572591.html">Step 3: Configure Advanced Settings</a>.</li><li id="EN-US_TOPIC_0000001278335673__li1114624612274">After the ECS is created, bind a key pair to the ECS by referring to "Binding a Key Pair" in the <em id="EN-US_TOPIC_0000001278335673__i2105132216190"><span id="EN-US_TOPIC_0000001278335673__ph1354154620325">Key Management Service</span> User Guide</em>.</li></ul>
|
|
</div>
|
|
</li></ul>
|
|
<ul id="EN-US_TOPIC_0000001278335673__ul6174151881910"><li id="EN-US_TOPIC_0000001278335673__li417414186193">Logging in to a Windows ECS<p id="EN-US_TOPIC_0000001278335673__p8107142963217"><a name="EN-US_TOPIC_0000001278335673__li417414186193"></a><a name="li417414186193"></a>You can use the key pair to obtain a password for login. The password is randomly generated and is more secure.</p>
|
|
<p id="EN-US_TOPIC_0000001278335673__p1950533818159">For details, see <a href="en-us_topic_0031107266.html">Obtaining the Password for Logging In to a Windows ECS</a>.</p>
|
|
</li></ul>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000001278335673__section11987840143215"><h4 class="sectiontitle">Creating a Key Pair</h4><p id="EN-US_TOPIC_0000001278335673__p57138362142357">You can create a key pair or use an existing one for remote login authentication.</p>
|
|
<ul id="EN-US_TOPIC_0000001278335673__ul1480389919483"><li id="EN-US_TOPIC_0000001278335673__li91334411120">Creating a key pair<div class="p" id="EN-US_TOPIC_0000001278335673__p305358071120"><a name="EN-US_TOPIC_0000001278335673__li91334411120"></a><a name="li91334411120"></a>You can create a key pair using either of the following methods:<ul id="EN-US_TOPIC_0000001278335673__ul4158767114307"><li id="EN-US_TOPIC_0000001278335673__li4071623014303">Follow the instructions in <a href="en-us_topic_0000001278350057.html">(Recommended) Creating a Key Pair on the Management Console</a>. The public key is automatically stored in the system, and the private key is stored locally.</li><li id="EN-US_TOPIC_0000001278335673__li3351550103416">Follow the instructions in <a href="en-us_topic_0000001234335274.html">Creating a Key Pair Using PuTTY Key Generator</a>. Both the public and private keys are stored locally.<p id="EN-US_TOPIC_0000001278335673__p162110523343">After the key pair is created, import the key pair following the instructions provided in <a href="en-us_topic_0000001278734873.html">Importing a Key Pair</a> so that you can use it.</p>
|
|
</li></ul>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001278335673__li5856373211153">Using an existing key pair<p id="EN-US_TOPIC_0000001278335673__p1397914811153"><a name="EN-US_TOPIC_0000001278335673__li5856373211153"></a><a name="li5856373211153"></a>If an existing key pair (created using PuTTYgen, for example) is available, you can import the public key by referring to <a href="en-us_topic_0000001278734873.html">Importing a Key Pair</a> on the management console to let the system maintain your public key.</p>
|
|
<div class="note" id="EN-US_TOPIC_0000001278335673__note34429373192252"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001278335673__p45841647192116">If the public key of the existing key pair is stored by clicking <strong id="EN-US_TOPIC_0000001278335673__b15253196121110">Save public key</strong> on puttygen.exe, the public key cannot be imported to the management console.</p>
|
|
<p id="EN-US_TOPIC_0000001278335673__p41428907192252">If you want to use this existing key pair for remote login, see <a href="en-us_topic_0047654687.html">Why Does a Key Pair Created Using puttygen.exe Fail to Be Imported on the Management Console?</a></p>
|
|
</div></div>
|
|
</li></ul>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000001278335673__section57670118165256"><h4 class="sectiontitle">Constraints</h4><ul id="EN-US_TOPIC_0000001278335673__ul39416956165437"><li id="EN-US_TOPIC_0000001278335673__li914832612416">Key pairs can be used to remotely log in to Linux ECSs only.</li><li id="EN-US_TOPIC_0000001278335673__li173231662366">SSH-2 key pairs created on the console support only the RSA-2048 cryptographic algorithms.</li><li id="EN-US_TOPIC_0000001278335673__li33811559184416">Key pairs are only for one user but they can be imported to other users.</li><li id="EN-US_TOPIC_0000001278335673__li258245044717">Key pairs can be used only for ECSs in the same region.</li><li id="EN-US_TOPIC_0000001278335673__li11304141193611">Imported key pairs support the following cryptographic algorithms:<ul id="EN-US_TOPIC_0000001278335673__ul92724289362"><li id="EN-US_TOPIC_0000001278335673__li2069732612367">RSA-1024</li><li id="EN-US_TOPIC_0000001278335673__li1870018264364">RSA-2048</li><li id="EN-US_TOPIC_0000001278335673__li270219265362">RSA-4096</li></ul>
|
|
</li><li id="EN-US_TOPIC_0000001278335673__li3163843411410">Store your private key in a secure place because you need to use it to prove your identity when logging in to your ECS. The private key can be downloaded only once.</li></ul>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000001234175322.html">Key Pairs</a></div>
|
|
</div>
|
|
</div>
|
|
|