Overview
Currently, Lighthouse provides two types of user credentials for remote instance login: password and SSH key pair. The latter is a more secure and convenient for login authentication. It is a pair of public and private keys generated by an encryption algorithm and can be bound to a created instance. Then, you can use the private key to log in to the instance.
Note:
The SSH key pair login method is applicable to Linux instances only.
Strengths
An SSH key pair has the following strengths compared with a username and password:
Security: compared with general password login, an SSH key pair has a higher security and cannot be cracked with brute force. It is generated by using an asymmetric encryption algorithm and encrypted with a public key. Then, it can be decrypted only with the corresponding private key stored by yourself without being sent over the network.
Convenience: you can quickly log in to a Linux instance remotely by using an SSH key pair without entering the password each time. In addition, you can also maintain and manage multiple Linux instances more easily in a unified manner in this way.
Use Limits
Up to ten SSH key pairs can be created in each region under one account.
Directions
Creating SSH key
1. Log in to the Lighthouse console and click Key on the left sidebar. 2. On the key list page, click New.
3. In the Create an SSH key pop-up window, set the key region, select the key creation method, and click OK.
Note:
The private key will be automatically downloaded after the creation is completed. Tencent Cloud will not save your private key information. Download and get the private key within 10 minutes after key creation.
You can download the key only once. Keep it confidential.
If you select Create a key pair as the creation method, enter the key name.
If you select Use an existing public key as the creation method, enter the key name and existing public key information.
Binding/Unbinding key to/from instance
2. Click Key List on the left sidebar.
3. On the key list page, select the target SSH key and click Bind/Unbind Instances.
4. In the Bind/Unbind Instances pop-up window, select the target Linux instance and click OK.
Note:
When you bind/unbind an instance, if the selected instance is running, pay attention to the following:
During the binding/unbinding process, the instance will shut down first and then start up, and the business will be interrupted momentarily. We recommend you do so during off-peak hours.
If the instance fails to shut down normally, it will be forced to shut down. Forced shutdown may cause data losses or file system corruption. Therefore, perform forced shutdown with caution.
Forced shutdown may take a while. Please be patient.
To improve the Lighthouse instance security, after a Linux instance is bound to a key, login to the root
account with a password will be forbidden by default. If you want to keep the password login method, modify the configuration as instructed in Modifying SSH configuration. Deleting SSH key
Note:
If an SSH key is bound to a Linux instance, it cannot be deleted.
2. Click Key List on the left sidebar.
3. On the key list page, select the target SSH key and click Delete.
4. In the key deletion pop-up window, click OK.
Relevant Operations
Modifying SSH configuration
1. Log in to the target Linux instance via WebShell. You can also use other login methods as needed.
2. Run the following command to open the sshd_config
configuration file:
sudo vi /etc/ssh/sshd_config
3. Press i to switch to the edit mode, find #Authentication
, and change the value of the PasswordAuthentication
parameter to yes
as shown below:
Note:
If the sshd_config
configuration file doesn't contain this configuration item, add PasswordAuthentication yes
.
4. Run the following command to restart the SSH service. This document uses CentOS 7 as an example. Run the applicable command based on your actual operating system.
sudo systemctl restart sshd
After the restart, you can try logging in with a password.
Was this page helpful?