Locked out of AWS EC2 Instance - forgot ssh root password? - amazon-web-services

When I log into my AWS EC2 instance via ssh, all of a sudden I'm being given this error:
-bash: /etc/profile: Permission denied
Super annoying, and it appears as though somehow permissions have been changed (accidentally), and I can't get back in. That said, I've tried logging in as root user vs. ec2-user, but I can't seem to remember the password I set for user root.
How can I recover this password or reset it without root user access? Help!

By default, root user login is disabled on EC2 instances, as documented here:
https://aws.amazon.com/premiumsupport/knowledge-center/set-change-root-linux/
So, unless you explicitly enabled SSH root login, there is no point in trying to find out the root password.
However, ec2-user should be a sudo user itself, try executing
sudo chmod 755 /etc/profile

Related

AWS Lightsail comes preloaded with "bitnami" user. Can I create my own user and delete bitnami safely?

I started up my first AWS Lightsail instance. I am have some experience creating Digital Ocean droplets but I am new to AWS Lightsail. I picked the AWS Lightsail instance pre-loaded with Nginx VPS. When I make a new Digital Ocean droplet, I don't think it comes with a default user, I think it's just "root," but the first thing I do is make a new user, add this new user to the sudo group, and disable logging in as "root." My understanding is that this is a good practice for security, because an unknown username is 1 extra step against a security breach. If someone is looking around the internet for ssh ports and attempting to gain access, they will probably try logging in as "root." If there is no "root" login it doesn't even matter if the hacker gets a password or ssh key.
So when I noticed that AWS Lightsail comes pre-made with a user named "bitnami," I saw this as a security risk. What's even worse is that they provide you with a downloadable ssh key to login through a local terminal. If someone gets this ssh key, they already know that the username is "bitnami."
I've created a new user and added it to the sudo group with sudo adduser <MY NEW USER NAME>, then sudo usermod -aG sudo <MY NEW USER NAME>. I added my local ssh keys to the new user's "authorized_keys" file. So my question is, now that I have a new user in the sudo group with my local ssh key authorized, can I delete the "bitnami" user with sudo deluser --remove-home <MY NEW USER NAME> then sudo deluser <MY NEW USER NAME>? Is that safe and would this also render the default ssh key which I downloaded unusable?

Got permission denied in ssh in aws instance

I have install git in my EC2 instance.
git version 2.14.5
I have create a new IAM user and give codeCommit permission.
In next, I have follow all the steps one by one from this link. which works fine.
At the 8th step I have add this code in my config file.
Host git-codecommit.*.amazonaws.com
User {{SSH KEY ID}}
IdentityFile ~/.ssh/id_rsa
Then I have assign 600 to config.
And then I have fire this command to test my SSH.
ssh git-codecommit.us-east-2.amazonaws.com
Error
Permission denied (publickey).
Can any one help me to fixed this issue ?
Can you retry the process with 400 permission on the ssh key
chmod 400 <key>.pem
If your goal is to access a repository from CodeCommit, you can do it with:
git clone ssh://git-codecommit.us-east-2.amazonaws.com/repo-name
If you try to ssh directly to CodeCommit, the connection will be denied with the message:
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.

AWS EC2 Permission denied

When i try to log in into EC2 instance through ssh, i got the below error Permission denied (publickey)
I checked the host name and username, everything is fine. Wrongly i given the chmod -R 777 . from ec2 instance root directory when i was logged at last time, After that i could not able connect to instance. I need some files from ec2-instance. Is there any way to get log in into ec2?. Also i tried with new instance. Its working.
Is there any possibility?
I haven't tried this myself, but I don't see why it wouldn't work.
Try snapshotting your instance (create image button from ec2 console). Once complete, find your snapshot in the Ec2 console. It should be backed by an EBS volume with an id of the pattern "vol-xxxxxxxx".
Spin up a new instance and attach "vol-xxxxxxxx" as secondary storage. SSH to the new instance and mount the device "vol-xxxxxxxx" correlates to (e.g. /dev/xvdf) to a temp directory and find the files you're looking for.
Detach your root volume and attach to another instance.
Login to the ec2 instance
mkdir tempfolder
sudo mount /dev/svdf1 (normally /dev/svdf1, you can list out your volumes to make sure)
cd tempfolder/home
chmod 700 -R ec2-user
sudo umount tempfolder
Detach volume and attach it to old instance, remember it's root instance so you attach it with name "/dev/xvda".
I faced the similar problem.
you will not able to re-cover the old instance, just create new instance and set the permissions
chmod 777 (don't use -R) option, then your problem will be resolved.
One reason can be that your key file is not publicly viewable for SSH to work. Use this command if needed:
chmod 400 mykey.pem
Also keep in mind the correct user id for EC2(ec2-user) instance and the command:
ssh -l ec2-user -i .ssh/yourkey.pem public-ec2-host
Use Winscp to revert the permission change.
Recently I had accidentally changed the "/home/ec2-user" directory permissions to 777 using putty. I was immediately logged out. I was also logged into the server using "Winscp" and it didn't get disconnected after chaging the permissions.
The solution is change the permission on "/home/ec2-user" back to 700 using Winscp and I was able to log back in. It worked for me. Winscp saved me a lot of trouble.

AWS how to access via SSH an instance from my OSX console as a user

I am correctly accessing an AWS Ubuntu instance via SSH from my OSX console via the standard ubuntu root (I copied the was public key in my ~/.ssh local directory
ssh -i ~/.ssh/aws-publickey.pem ubuntu#ec2-54-187-218-213.us-west-2.compute.amazonaws.com
However , I'ld like to access via a user account with admin rights..
I try to understand the 'huge' AWS documentation, I created an IAM, aws user account 'joe' , but then I don't know what are the following steps ...
should I use OpsWork ( as stated) to add a public key to this user ?
is this public key my id_rsa.pub , I have on my Mac for this user 'joe' in ~/.ssh
or should I re-use the same public key ~/.ssh/aws-publickey.pem ?
thanks for enlightenment ...
I believe you are confusing IAM users (accounts on Amazon Web Services) and user accounts on a Linux box. These are not related in any way.
The IAM user account joe you have created can be assigned fine grained permissions to perform any functions you can perform at the AWS console such as launch servers, take snapshots etc. It has nothing to do with user accounts on the Linux boxes you launch.
Initially the only user accounts on a fresh Ubuntu box are the ubuntu account which you can log in with, and the root account which is the super user or admin account you refer to. I suspect you are coming from a Windows background, because it is not common practice to have multiple "admin" accounts.
If a user needs access to elevated permissions they would usually be assigned some level of sudo access which offers fine grained control over what they can do. Your ubuntu account already has full sudo access so you can run any command as root with sudo command.
In order for you to have a joe account on the new Linux box you would have to:
Log in as ubuntu (as this is the only account accessible via ssh initially)
Create a new user account (you need to be root to do this so either use sudo or become root first with sudo su -). Run man adduser to see the command for adding a user account.
Copy your ~/ssh/id_rsa.pub file from your Mac to ~/.ssh on the new linux account.
Make sure the .ssh directory and contents can't be modified by running chmod -R 700 ~/.ssh or ssh will refuse to connect without a password.

couldn't get root access to aws ec2

I'm trying to access aws instance using ssh with private keys downloaded from aws.
I got access using ec2-user which their documentation suggested.
$ ssh -i upd_prayag.pem ec2-user#ec2-54-209-155-100.compute-1.amazonaws.com
Apparently, I find two users there,
ec2-user
prayagupd
What I want is ls the user prayagupd to check whether the directory I have cloned from github exists there.
Unfortunately I see permission denied message on that user.
I get Permission denied (publickey) on
$ sudo ssh -i upd_prayag.pem ec2-user#ec2-54-209-155-100.compute-1.amazonaws.com
They suggest sudo su - should work but it has been asking password, some of the links I found through google is making me anxious that I can't get root access.
Reference
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
If the instance is created from an AWS image, then you cannot get root access.