tencent cloud


Managing Keys

Last updated: 2022-04-06 14:31:47


    Currently, Lighthouse provides two types of user credentials for remote instance login: password and SSH key pair. The latter is a more secure and convenient for login authentication. It is a pair of public and private keys generated by an encryption algorithm and can be bound to a created instance. Then, you can use the private key to log in to the instance.
    The SSH key pair login method is applicable to Linux instances only.


    An SSH key pair has the following strengths compared with a username and password:
    Security: compared with general password login, an SSH key pair has a higher security and cannot be cracked with brute force. It is generated by using an asymmetric encryption algorithm and encrypted with a public key. Then, it can be decrypted only with the corresponding private key stored by yourself without being sent over the network.
    Convenience: you can quickly log in to a Linux instance remotely by using an SSH key pair without entering the password each time. In addition, you can also maintain and manage multiple Linux instances more easily in a unified manner in this way.

    Use Limits

    Up to ten SSH key pairs can be created in each region under one account.


    Creating SSH key

    1. Log in to the Lighthouse console and click Key on the left sidebar.
    2. On the key list page, click New.
    3. In the Create an SSH key pop-up window, set the key region, select the key creation method, and click OK.
    The private key will be automatically downloaded after the creation is completed. Tencent Cloud will not save your private key information. Download and get the private key within 10 minutes after key creation.
    You can download the key only once. Keep it confidential.
    If you select Create a key pair as the creation method, enter the key name.
    If you select Use an existing public key as the creation method, enter the key name and existing public key information.

    Binding/Unbinding key to/from instance

    1. Log in to the Lighthouse console.
    2. Click Key List on the left sidebar.
    3. On the key list page, select the target SSH key and click Bind/Unbind Instances.
    4. In the Bind/Unbind Instances pop-up window, select the target Linux instance and click OK.
    When you bind/unbind an instance, if the selected instance is running, pay attention to the following:
    During the binding/unbinding process, the instance will shut down first and then start up, and the business will be interrupted momentarily. We recommend you do so during off-peak hours.
    If the instance fails to shut down normally, it will be forced to shut down. Forced shutdown may cause data losses or file system corruption. Therefore, perform forced shutdown with caution.
    Forced shutdown may take a while. Please be patient.
    To improve the Lighthouse instance security, after a Linux instance is bound to a key, login to the root account with a password will be forbidden by default. If you want to keep the password login method, modify the configuration as instructed in Modifying SSH configuration.

    Deleting SSH key

    If an SSH key is bound to a Linux instance, it cannot be deleted.
    1. Log in to the Lighthouse console.
    2. Click Key List on the left sidebar.
    3. On the key list page, select the target SSH key and click Delete.
    4. In the key deletion pop-up window, click OK.

    Relevant Operations

    Modifying SSH configuration

    1. Log in to the target Linux instance via WebShell. You can also use other login methods as needed.
    2. Run the following command to open the sshd_config configuration file:
    sudo vi /etc/ssh/sshd_config
    3. Press i to switch to the edit mode, find #Authentication, and change the value of the PasswordAuthentication parameter to yes as shown below:
    If the sshd_config configuration file doesn't contain this configuration item, add PasswordAuthentication yes.
    4. Run the following command to restart the SSH service. This document uses CentOS 7 as an example. Run the applicable command based on your actual operating system.
    sudo systemctl restart sshd
    After the restart, you can try logging in with a password.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support