- Release Notes and Announcements
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Logging In to Linux Instances
- Logging in Windows Instance
- Managing Instances
- Working with Cloud Disks
- Managing Keys
- Managing Firewall
- Managing Snapshot
- Managing Image
- Private Network Interconnection
- OPS and Monitoring
- Access Management
- Transfering File
- Uploading Local Files to Lighthouse
- Uploading File from Windows to Linux Lighthouse Instance via WinSCP
- Uploading File from Windows to Lighthouse Instance via FTP
- Uploading File from Windows to Windows Lighthouse Instance via Remote Desktop Connection
- Uploading File from Linux or macOS to Linux Lighthouse Instance via SCP
- Uploading File from Linux or macOS to Lighthouse Instance via FTP
- Uploading File from Linux to Windows Lighthouse Instance via rdesktop
- Uploading File from macOS to Windows Lighthouse Instance via MRD
- Best Practices
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Snapshot APIs
- Key APIs
- CCN APIs
- CBS APIs
- Image APIs
- Firewall APIs
- Instance APIs
- DescribeInstanceVncUrl
- DescribeInstancesDeniedActions
- DescribeInstancesDiskNum
- DescribeInstancesReturnable
- DescribeInstancesTrafficPackages
- DescribeModifyInstanceBundles
- DescribeResetInstanceBlueprints
- IsolateInstances
- ModifyInstancesBundle
- RebootInstances
- ResetInstance
- ResetInstancesPassword
- StartInstances
- StopInstances
- ModifyInstancesAttribute
- ModifyInstancesRenewFlag
- CreateInstances
- DescribeInstances
- TerminateInstances
- Scene APIs
- Package APIs
- Quota APIs
- Region APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- lighthouse Policy
- Release Notes and Announcements
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Logging In to Linux Instances
- Logging in Windows Instance
- Managing Instances
- Working with Cloud Disks
- Managing Keys
- Managing Firewall
- Managing Snapshot
- Managing Image
- Private Network Interconnection
- OPS and Monitoring
- Access Management
- Transfering File
- Uploading Local Files to Lighthouse
- Uploading File from Windows to Linux Lighthouse Instance via WinSCP
- Uploading File from Windows to Lighthouse Instance via FTP
- Uploading File from Windows to Windows Lighthouse Instance via Remote Desktop Connection
- Uploading File from Linux or macOS to Linux Lighthouse Instance via SCP
- Uploading File from Linux or macOS to Lighthouse Instance via FTP
- Uploading File from Linux to Windows Lighthouse Instance via rdesktop
- Uploading File from macOS to Windows Lighthouse Instance via MRD
- Best Practices
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Snapshot APIs
- Key APIs
- CCN APIs
- CBS APIs
- Image APIs
- Firewall APIs
- Instance APIs
- DescribeInstanceVncUrl
- DescribeInstancesDeniedActions
- DescribeInstancesDiskNum
- DescribeInstancesReturnable
- DescribeInstancesTrafficPackages
- DescribeModifyInstanceBundles
- DescribeResetInstanceBlueprints
- IsolateInstances
- ModifyInstancesBundle
- RebootInstances
- ResetInstance
- ResetInstancesPassword
- StartInstances
- StopInstances
- ModifyInstancesAttribute
- ModifyInstancesRenewFlag
- CreateInstances
- DescribeInstances
- TerminateInstances
- Scene APIs
- Package APIs
- Quota APIs
- Region APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- lighthouse Policy
Overview
Currently, Lighthouse provides two types of user credentials for remote instance login: password and SSH key pair. The latter is a more secure and convenient for login authentication. It is a pair of public and private keys generated by an encryption algorithm and can be bound to a created instance. Then, you can use the private key to log in to the instance.
NoteThe SSH key pair login method is applicable to Linux instances only.
Strengths
An SSH key pair has the following strengths compared with a username and password:
- Security: compared with general password login, an SSH key pair has a higher security and cannot be cracked with brute force. It is generated by using an asymmetric encryption algorithm and encrypted with a public key. Then, it can be decrypted only with the corresponding private key stored by yourself without being sent over the network.
- Convenience: you can quickly log in to a Linux instance remotely by using an SSH key pair without entering the password each time. In addition, you can also maintain and manage multiple Linux instances more easily in a unified manner in this way.
Use Limits
Up to ten SSH key pairs can be created in each region under one account.
Directions
Creating SSH key
- Log in to the Lighthouse console and click Key on the left sidebar.
- On the key list page, click New.
- In the Create an SSH key pop-up window, set the key region, select the key creation method, and click OK.
Note:
- The private key will be automatically downloaded after the creation is completed. Tencent Cloud will not save your private key information. Download and get the private key within 10 minutes after key creation.
- You can download the key only once. Keep it confidential.
- If you select Create a key pair as the creation method, enter the key name.
- If you select Use an existing public key as the creation method, enter the key name and existing public key information.
Binding/Unbinding key to/from instance
- Log in to the Lighthouse console.
- Click Key List on the left sidebar.
- On the key list page, select the target SSH key and click Bind/Unbind Instances.
- In the Bind/Unbind Instances pop-up window, select the target Linux instance and click OK.
Note:
When you bind/unbind an instance, if the selected instance is running, pay attention to the following:
- During the binding/unbinding process, the instance will shut down first and then start up, and the business will be interrupted momentarily. We recommend you do so during off-peak hours.
- If the instance fails to shut down normally, it will be forced to shut down. Forced shutdown may cause data losses or file system corruption. Therefore, perform forced shutdown with caution.
- Forced shutdown may take a while. Please be patient.
- To improve the Lighthouse instance security, after a Linux instance is bound to a key, login to the
rootaccount with a password will be forbidden by default. If you want to keep the password login method, modify the configuration as instructed in Modifying SSH configuration.
Deleting SSH key
Note:If an SSH key is bound to a Linux instance, it cannot be deleted.
- Log in to the Lighthouse console.
- Click Key List on the left sidebar.
- On the key list page, select the target SSH key and click Delete.
- In the key deletion pop-up window, click OK.
Relevant Operations
Modifying SSH configuration
Log in to the target Linux instance via WebShell. You can also use other login methods as needed.
Run the following command to open the
sshd_configconfiguration file:sudo vi /etc/ssh/sshd_configPress i to switch to the edit mode, find
#Authentication, and change the value of thePasswordAuthenticationparameter toyesas shown below:Note:If the
sshd_configconfiguration file doesn't contain this configuration item, addPasswordAuthentication yes.
Run the following command to restart the SSH service. This document uses CentOS 7 as an example. Run the applicable command based on your actual operating system.
sudo systemctl restart sshd
After the restart, you can try logging in with a password.
Yes
No
Was this page helpful?