I have two EC2 instances and I am trying to sync a directory between the two of them.
I have set up the lsyncd service on one of the instances and was able to sync a directory to a different directory on the same instance.
Now I am trying to sync the same directory with the second instance and it is not working.
The reason it is not working is that I am not able to put the key that was generated on the first instance using ssh-keygen -t rsa on the second instance in order to allow them to access each other.
I have tried sudo ssh-copy-id -i /path/to/key ec2-user@ip-of-second-instance but it did not work.
I have also tried to manually copy the public part from the key.pub file of the first instance to the ~/.ssh/authorized_keys of the second instance but it did not work either.
That is my lsyncd configuration settings:
settings = {
    insist = true,
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd.status"
}
sync {
    default.rsyncssh,
    source = "/home/ec2-user/IntSrv/Sync",
    host = "second-instance-ip",
    target = "/home/ec2-user/GenSrv/Sync",
}
What am I doing wrong? How can I fix that issue?
Any help would be appreciated. Thank you.
You might want to start again with the keys.
You should really be generating your own keys for each user. Then, for each user you want to grant access to the instance, add their key to the .ssh/authorized_keys file, either for the ec2-user or preferably create a user account for them first and add it to their authorized_keys file.
The keys generated by Amazon EC2 should be used to gain initial access to your instances. Then, proper security practice is to remove that key and add your own keys. This way, you have each person accessing via their own keypair, which can be removed if you wish to rescind access.
While I'm not familiar with lsyncd, I suspect that if you get ssh working, then lsyncd will probably work fine, too.
So, quick summary:
Generate a key for YOU using ssh-keygen
Connect to the desired instances, and add your public keypair to authorized_keys within the desired user home directory
Use those keys instead of the ones generated by Amazon EC2
Related
I recently changed the region of my EC2 instance via creating an AMI of the previous instance and sending it to the new region and launching a new instance from it. However, it now uses the key in the key pair in the old region.
In order to avoid confusion for myself in the future, I want to move the key from the key pair in the old region to the new region (so I have everything in the same region)
I can import the key into the new region, but to do so I need the public key. Question is, I have no idea how to get the public key. I've Googled and looked everywhere, can't find how to get the public half of my key on file so I can import it in the new region.
How do I get the public key file?
Thanks in advance
Found the answer.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-key-pairs.html#retrieving-the-public-key-windows
On your local Windows computer, you can use PuTTYgen to get the public key for your key pair.
Start PuTTYgen, choose Load, and select the .ppk or .pem file. PuTTYgen displays the public key.
Thank you, anyway
If you can login to the ec2 instance, you should be able to go to your ~/.ssh folder. You should see something like this:
You need to know the name of your public key. In my case, this is id_rsa.pub. Now you can open a terminal on your local computer and use scp command to copy the file into your local.
l$ scp -i ~/.ssh/your_key.pem your_user_name@11.12.123.34:/home/your_user_name/.ssh/id_rsa.pub ~/Desktop
id_rsa.pub 100% 405 16.5KB/s 00:00
Now you should have the public key on your Desktop. Now you can go to the new EC2, log into it (using password) and copy and paste the text in the id_rsa.pub into any file you want.
I lost the .pem file of an AWS SUSE Linux instance. The ".ppk" file that was generated before the loss of the .pem file has been given to many people, so now I should either disable the access via that .ppk file or I must set up a password prompt even after using that .ppk file. How can I do this?
The instance cannot be shut down and restarted for a new .pem file, so please tell me how to set a password for the instance even after using that .ppk file.
If you log on to the instance you can remove the associated public key from the authorized_keys file for the related user (such as ec2-user). Obviously if you want to be able to log in to that instance yourself then you will need to add the public key of a secure private key to one of the authorized_keys files.
I'd consider taking this opportunity to think about how, in the future, you can enable yourself to simply rebuild the instance with a new key and zero data loss for incidents such as this.
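The two answers above both come down to editing authorized_keys: add one public key per person, and remove that entry to rescind access. The following is an added example, not code from any of the posts; the function names, the scratch path and both sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts; function names are hypothetical.

# Print the base64 key blob of a public-key line, skipping any leading options.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit }
    }'
}

# grant_key FILE "PUBLIC KEY LINE": append the key unless it is already present.
grant_key() {
    file=$1; blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "not a public key line" >&2; return 2; }
    # With StrictModes (the sshd default) a group- or world-writable ~/.ssh
    # or authorized_keys is ignored, so set the modes explicitly.
    mkdir -p "$(dirname "$file")" && chmod 700 "$(dirname "$file")"
    touch "$file" && chmod 600 "$file"
    grep -qF -- "$blob" "$file" || printf '%s\n' "$2" >> "$file"
}

# revoke_key FILE "PUBLIC KEY LINE": drop every entry that carries this key.
revoke_key() {
    file=$1; blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "not a public key line" >&2; return 2; }
    [ -f "$file" ] || return 0
    tmp=$(mktemp "$file.XXXXXX") || return 1
    grep -vF -- "$blob" "$file" > "$tmp" || true  # exit 1 only means no lines remain
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# count_keys FILE: number of key entries, ignoring blank lines and comments.
count_keys() { grep -cvE '^[[:space:]]*(#|$)' "$1" || true; }

# Demo on a scratch file; both keys are constructed sample values, not real keys.
KEY_A='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKEYone alice@laptop'
KEY_B='from="10.0.0.5" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKEYtwo sync@first'
demo=$(mktemp -d)
grant_key "$demo/.ssh/authorized_keys" "$KEY_A"
grant_key "$demo/.ssh/authorized_keys" "$KEY_B"
grant_key "$demo/.ssh/authorized_keys" "$KEY_A"   # already present, not duplicated
revoke_key "$demo/.ssh/authorized_keys" "$KEY_A"  # rescind one person's access
echo "entries left: $(count_keys "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

Removing an entry only blocks new logins with that key; sessions that are already open stay connected until they are closed. A private key (.pem) pasted by mistake is rejected by both functions, because only public-key lines carry a key type followed by a blob.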
I have run into trouble
I have ec2 instance. I connected to it via ssh.
I wanted to set up POST hook for git.
And accidentally removed authorized_keys from /.ssh directory
My question is : if I am still connected to my aws instance can I copy myKey.pem to /.ssh directory ?
I want to omit instance restore process
Thank you in advance !))
If you can't find the public key that corresponds to your current .pem file, just generate a new key pair, and add that public key to your ~/.ssh/authorized_keys file! You could use AWS to generate the new key pair, or check out these popular instructions from GitHub: help.github.com/articles/generating-ssh-keys.
I lost my .pem file due to which I am not able to login to my ec2 instance. Luckily I had my machine key added to the auth_keys file, so I am able to login using it. I removed the master pub key from the auth_keys file and restarted sshd service. But my colleague who is having the master.pem key file is still able to login to the instance. Am I missing something to disable the complete access to the instance using the master.pem file?
Please advise.
Thanks
Does the auth_keys file exist in two places? Maybe you deleted the wrong one? Maybe you should try changing the fingerprint of the server.
New commentary: removing the public key doesn't affect the private key. The master pem file may be associated with the private key. If the private key remains, other public keys will still work. The topic says "Remove key pair." But the description doesn't indicate removing the private key.
I have two databases, one on my local machine and one on my Amazon EC2 instance. Now what I do is I run a Python program on my local machine which makes changes to the database on my local machine. I want these changes to be reflected onto the database on the Amazon EC2 instance periodically. I want to do this in Python: a script that logs onto the Amazon server, establishes a connection with the database there and makes the changes.
I came across some modules like pexpect, fabric and paramiko. But I am struggling with the key authentication.
The way I ssh from my terminal is ssh -i my_rsa_file.pem username@ip_address. There is no password. How do I go about this?
Also I want to know whether simply using Popen in subprocess to execute the login command would work?
The Boto EC2 documentation here describes the EC2 instance object, of which "key_pair" is an attribute. Look about 3/4 of the way down, under "boto.ec2.instance".
http://boto.readthedocs.org/en/latest/ref/ec2.html
So, e.g., you could run some instances as follows, and then store the first instance as "inst":
reservation = conn.run_instances(...)
inst = reservation.instances[0]
To retrieve your key-pair name as a unicode string, just use:
kp_name = inst.key_name
You can then retrieve the corresponding Boto object using get_key_pair:
kp_obj = conn.get_key_pair(kp_name)
Of course, this is a silly example, since I would have needed my key pair name to run_instances in the first place. May you find a more fruitful application!