To ensure the security and reliability of instances, Tencent Cloud offers two encrypted login methods: Password Login and SSH Key Pair Login. This document provides information on the configuration of SSH Key Pair Login.
When customizing the configuration of a Linux cloud server, you can choose SSH Key as the encrypted login method for the server.
SSH Key Overview
Tencent Cloud recommends that you use SSH Key Pairs to log in to Linux instances. SSH Key Pairs are a pair of keys generated through an encryption algorithm. Tencent Cloud-created SSH Key Pairs use RSA 2048-bit encryption, generating both a public key and a private key:
Public Key: After the SSH Key Pair is successfully generated, Tencent Cloud only stores the public key. For Linux instances, the public key content is stored in the
~/.ssh/authorized_keys file.Private Key: You need to download and securely store the private key, which is only available for download once. Tencent Cloud will not save your private key. Anyone with your private key can decrypt your login information, so you must keep the private key in a secure location.
You can securely connect to cloud servers using key pairs, which provide a more secure login method than using regular passwords. To use a key pair to log in to a Linux instance, simply specify the key pair when creating the instance or bind the key pair after the instance is created. This allows you to log in using the private key without entering a password.
Features and Advantages
Compared to traditional password authentication methods, SSH key pair login has the following advantages:
SSH key pair login is more complex and difficult to brute-force.
SSH key pair login is easier to use. You can log in to instances remotely with a few simple configuration steps on the console and your local client, and do not need to enter a password when you log in again.
Usage Limits
SSH key pair login is only available for Linux instances.
Each Tencent Cloud account can have up to 100 SSH key pairs.
Tencent Cloud will not retain your private key. You need to download the private key after creating an SSH key, and keep it safe.
To ensure data security, you need to shut the instance down before loading the key.
To enhance the security of cloud servers, password login will be disabled by default once an instance is bound to a key. If you need to use password login simultaneously, please go to the Cloud Server Console to reset the instance password.
Use Cases
For information on how to create, bind/unbind, and delete keys, please refer to Managing SSH Keys.
To learn about how to log in to CVM instances remotely using an SSH key pair, see: