Currently, Lighthouse provides two types of user credentials for remote instance login: password and SSH key pair. The latter is a more secure and convenient for login authentication. It is a pair of public and private keys generated by an encryption algorithm and can be bound to a created instance. Then, you can use the private key to log in to the instance.
The SSH key pair login method is applicable to Linux instances only.
An SSH key pair has the following strengths compared with a username and password:
Up to ten SSH key pairs can be created in each region under one account.
- The private key will be automatically downloaded after the creation is completed. Tencent Cloud will not save your private key information. Download and get the private key within 10 minutes after key creation.
- You can download the key only once. Keep it confidential.
When you bind/unbind an instance, if the selected instance is running, pay attention to the following:
- During the binding/unbinding process, the instance will shut down first and then start up, and the business will be interrupted momentarily. We recommend you do so during off-peak hours.
- If the instance fails to shut down normally, it will be forced to shut down. Forced shutdown may cause data losses or file system corruption. Therefore, perform forced shutdown with caution.
- Forced shutdown may take a while. Please be patient.
- To improve the Lighthouse instance security, after a Linux instance is bound to a key, login to the
rootaccount with a password will be forbidden by default. If you want to keep the password login method, modify the configuration as instructed in Modifying SSH configuration.
If an SSH key is bound to a Linux instance, it cannot be deleted.
Log in to the target Linux instance via WebShell. You can also use other login methods as needed.
Run the following command to open the
sshd_config configuration file:
sudo vi /etc/ssh/sshd_config
Press i to switch to the edit mode, find
#Authentication, and change the value of the
PasswordAuthentication parameter to
yes as shown below:
sshd_configconfiguration file doesn't contain this configuration item, add
Run the following command to restart the SSH service. This document uses CentOS 7 as an example. Run the applicable command based on your actual operating system.
sudo systemctl restart sshd
After the restart, you can try logging in with a password.