How to recover lost private key of instance of aws server? - amazon-web-services

I have lost the private key of my AWS instance. I searched for the option in the console panel.

I'm afraid you might be out of luck:
When you launch an instance, you should specify the name of the key
pair you plan to use to connect to the instance. If you don't specify
the name of an existing key pair when you launch an instance, you
won't be able to connect to the instance. When you connect to the
instance, you must specify the private key that corresponds to the key
pair you specified when you launched the instance. Amazon EC2 doesn't
keep a copy of your private key; therefore, if you lose a private key,
there is no way to recover it. If you lose the private key for an
instance store-backed instance, you can't access the instance; you
should terminate the instance and launch another instance using a new
key pair. If you lose the private key for an EBS-backed Linux
instance, you can regain access to your instance. For more
information, see Connecting to Your Linux Instance if You Lose Your
Private Key.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

Yes, you can't recover the old key. Still, you can generate a new key to access that machine.
When we lose the private key, you can't log in to that machine.
Please follow the steps below to recover access.
Step 1) Detach your root volume from your machine using the AWS console.
Step 2) Launch a fresh EC2 instance (not from your old machine's AMI).
Step 3) Attach your old volume to the new EC2 machine.
Step 4) Now log in to the new EC2 machine and mount the old EBS volume.
Step 5) Now go to that partition, then visit the home directory inside that machine and go to the .ssh folder.
Step 6) Now generate a new private and public key. Then paste the public key into the authorized_keys file.
Step 7) Once you are done with the above steps, detach that volume from this EC2 machine.
Step 8) Now attach this volume to your old machine as the root volume.
Step 9) Now try to log in to your old machine with the newly generated key.
Hope it helps !!
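The key-installation part of steps 4 to 6 above, written out as an added example that is not part of the original answer. The mount point /mnt/old, the user ec2-user, the file names and the function name install_recovery_key are assumptions; the function also restores the ownership and modes that sshd checks before it accepts a key.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Run on the rescue instance
# after the old root volume is mounted. Mount point, user and file names
# are assumptions.
#
#   sudo mount /dev/xvdf1 /mnt/old                  # device name varies
#   ssh-keygen -t ed25519 -f ./recovery_key -N ''   # new key pair
#   install_recovery_key /mnt/old ec2-user ./recovery_key.pub   # as root

# install_recovery_key MOUNTED_ROOT USER PUBKEY_FILE
install_recovery_key() {
    local root="$1" user="$2" pubkey_file="$3"
    local home="$root/home/$user"
    local ssh_dir="$home/.ssh" auth="$home/.ssh/authorized_keys"
    local key owner

    [ -d "$home" ] || { echo "no home directory at $home" >&2; return 1; }

    # Only a public key belongs in authorized_keys; refuse private key files.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file contains private key material" >&2
        return 1
    fi
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' "$pubkey_file" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pubkey_file" >&2; return 1; }

    mkdir -p "$ssh_dir"
    touch "$auth"
    # Terminate an unterminated last line so the new key is not glued to it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # Idempotent: append only when this exact line is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Files created here belong to the rescue user (often root). Hand them to
    # the numeric owner of the home directory on the old volume, and apply the
    # modes sshd's StrictModes check expects, or the key is ignored at login.
    owner=$(stat -c '%u:%g' "$home")
    chown "$owner" "$ssh_dir" "$auth"
    chmod go-w "$home"
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"
}
```

Unmount the volume (`sudo umount /mnt/old`) before detaching it in step 7.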

Related

Changing key pair name of an EC2 after modifying authorized_keys

I have an EC2 instance managed by Elastic Beanstalk, and I recently changed my key pair to a new one (findy-key-2) by modifying authorized_keys, because I lost my old private key (findy-key).
$ cat authorized_keys
ssh-rsa [my private key] findy-key-2
So right now I have ssh access to my own instance.
However, perhaps because I changed the key pair manually, it seems that EC2 doesn't recognize the new key pair name correctly. In the EC2 console, it still says the key pair name is findy-key, which I already deleted.
And because of that, I'm getting the error below when trying to upgrade to Amazon Linux 2 on the EB dashboard.
Configuration validation exception: Invalid option value: 'findy-key' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'EC2KeyName'): The key pair 'findy-key' does not exist
I noticed that under Elastic Beanstalk Dashboard > Configuration > Security, I can choose the new key from the EC2 key pair drop-down. But the warning message, "Each of your existing EC2 instances will be replaced and your new settings will take effect then.", implying that my current instance will be terminated, is frightening me because there might be some side effects such as losing connection to my RDS volume (yes, I'm a newbie to AWS).
Hence, I'm trying to find a way to change the key pair name of an EC2 instance without terminating and creating a new one. If that's not possible, I want to know what are the possible side effects of replacing an EC2 instance.
Thank you.
For a short-term solution, you can use AWS Systems Manager Session Manager to log in to your instances. For this you will need to add SSM permissions to your EB instance profile/role.
You can also try using EC2 Instance Connect, which may work out of the box on the instances, and you don't have to do anything special to use it.
But for the long-term solution, you have to use EB options for that. The reason is that your instances run in an Autoscaling group and they can be terminated at any time anyway. So if you are worrying about "some side effects", then you have to redesign your application so that it is stateless. This means that your application does not depend on any instance terminations and re-launch due to autoscaling events.
I solved this by creating another private key named findy-key (which is the name of the old key I deleted before) in AWS Console, and adding its public key in authorized_keys.

unable to access server after changing permission AWS

I accidentally changed the permission of home folder via SSH, now I am unable to access the files, please suggest me what to do, don't want to lose the files.
If you've locked yourself out of an instance, you have two options to recover (assuming the data is on EBS - if it's on instance storage, you're out of luck)
Option #1 is to:
1. Create a snapshot of the EBS volume
2. Then, create a volume from the snapshot
3. Launch a new EC2 instance using a key you have access to
4. Associate the volume from step 2 with the instance in step 3
5. Log into the instance and mount the volume
You now have access to the data.
Option #2 is to fix the existing instance:
1. Stop the bad instance
2. Disassociate the EBS volume from the stopped instance
3. Launch a new EC2 instance using a key you have access to
4. Associate the volume with the instance you just created
5. Log into the instance and mount the volume
6. Fix the permissions
7. Reverse the process: unmount, disassociate from new instance, re-associate with old instance, boot the old instance and you should be good.

How to retrieve the password of an AWS custom AMI

I've recently made an AMI from an important server instance I had. Recently, I made an AMI out of that instance, and then deleted it in order to save space. Now, I'm trying to make an instance from that custom AMI, and in order to connect to it I need the old password (for some reason that is what it requires). I still own the .pem keypair file needed to decode the password, however it won't let me get and decrypt the key.
What should I do in order to get the password of the custom AMI?
Assuming that you are using a Windows instance, you can follow these directions in the Amazon EC2 documentation: Resetting an Administrator Password that's Lost or Expired.
The process uses another EC2 instance to access the disk to modify a configuration setting, allowing you to retrieve a new password.
Basically, the steps are:
Stop the "original" instance
Launch a "temporary" instance
Detach the boot volume (let's call it Volume A) from the original instance
Attach Volume A to the temporary instance
Modify a setting which will cause the EC2Config service to generate a new password
Detach Volume A from the temporary instance
Reattach Volume A to the original instance
Boot the original instance
Use the standard "Get Windows Password" process to retrieve the new password

How to operate the EC2 instance from the computer without keypairs

I just started playing around with EC2. I created the keypairs and have no problems on my own laptop. But I just wonder how I can operate it from another computer.
Is it possible to send the keypair file, or simply export it from AWS?
As it states on the EC2 Key pair page:
Amazon EC2 doesn't keep a copy of your private key; therefore, if you lose your private key, there is no way to recover it. If you lose the private key for an instance store-backed instance, you can't access the instance; you should terminate the instance and launch another instance using a new key pair.
Thus you can't export it again from the AWS Console. You would have to transfer the original one you downloaded when you launched the instance.

Server refused our key - Creating instance from Snapshot

I lost my private key on a server because my hard drive was fried and I didn't have the folder with the key in it backed up. Consequently, after research I found that I can make a snapshot of the EC2 instance and launch a new instance with a different key using the snapshot. I was able to do so and set up the new instance with a new key pair. However, now I still cannot log on to the server through the Amazon client or with PuTTY SSH. Is there a time-frame I have to wait before the instance is SSH ready (i.e. 1 - 2 hours) or did I set it up wrong?
Thanks for any help.
When you SSH from a Windows machine, a .ppk key is used, and from Unix systems a .pem key is used.
You can try it once more from an AMI: create an AMI from the instance, and if any EBS volume is attached, consider that too. Use that AMI to launch an instance and provide the key at the end as it asks for, if you're using the AWS web console. In your case, create a new keypair to be used and then assign it.
Wait is generally 2-5 minutes for the instance to be up and then try to ssh. Right click on the newly launched instance and check for the log file output. In some cases it can give you the hint.
It is generally preferred to use ebs backed volumes to avoid situations like data loss.