Amazon EC2 Lost Private Key, How to Get Access to the Server

Amazon EC2 lost private key, how to get access to the server?

Try doing it like this:

Log in to your AWS Management Console. In the EC2 tab view, you'll find something like "1 Key Pair"; click it, delete your old key pair, then create a new pair.


EDIT:

Got a related question HERE

What you could do is assign one of your Elastic IPs to the instance and route traffic through that normally. Snapshot the instance and bring up a duplicate with a new key pair. Switch the Elastic IP over to the new instance.

and HERE

The best solution we have been able to come up with is to burn an AMI from the running instance and launch a new instance from that AMI using the new key pair.

How to create your own AMI? HERE. ;)

How to recover lost private key of instance of aws server?

I'm afraid you might be out of luck:

When you launch an instance, you should specify the name of the key
pair you plan to use to connect to the instance. If you don't specify
the name of an existing key pair when you launch an instance, you
won't be able to connect to the instance. When you connect to the
instance, you must specify the private key that corresponds to the key
pair you specified when you launched the instance. Amazon EC2 doesn't
keep a copy of your private key; therefore, if you lose a private key,
there is no way to recover it. If you lose the private key for an
instance store-backed instance, you can't access the instance; you
should terminate the instance and launch another instance using a new
key pair. If you lose the private key for an EBS-backed Linux
instance, you can regain access to your instance. For more
information, see Connecting to Your Linux Instance if You Lose Your
Private Key.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

Recovering lost AWS EC2 Key Pairs

A rebuild shouldn't be necessary. I'd suggest option 2 as it's quicker and easier.

1.> It's possible to change/append a new key?

  • Power off the ec2 instance you want to access ("target").

  • Create a new ("temporary") instance.

  • Detach the primary EBS volume from target instance (taking note of its current attachment!).

  • Attach/mount target volume on temporary instance.

  • Edit the appropriate authorized_keys file on the mounted volume.

  • Unmount the target volume, and reattach it to the target EC2 instance (using the config you noted when detaching it).

  • Start the target instance and log in with the new key.

  • Delete the temporary instance.

2.> Yes. Snapshot the instance. Provision a new instance from the snapshot selecting a different key (keypair popup appears when you click launch at end of launch wizard)

How to secure an AWS EC2 instance when the SSH key is compromised or lost

So, I have resolved this issue myself, and I'm posting what I did in case it helps anyone else.

  1. On my local machine I made a new 2048 bit RSA key pair (a new pair can also be generated on AWS)
  2. Import the new public key in the Amazon console.
  3. Create an AMI of the running instance.
  4. Launch a new (Ubuntu Linux) instance of that AMI, and point it to
    the newly uploaded public key for login.
  5. Once the instance is up, update Load Balancer, or DNS entries
    to point to the new instance, as appropriate.
  6. Start whatever software the server is intended to run.

Accessing EC2 instance after losing keypair

Not easily.

Guidance on the forums indicates that you can kind of do it by generating a new key pair and then bringing up a new instance and mounting the volume from the original instance and installing the keypair in that volume. After that the original instance should be able to use the new keypair.

According to this post on AWS Developer Forums it can be accomplished via:

Creating a new keypair downloads the private key to your machine and the public key is stored in your AWS account. When you launch a new (linux) instance the public key is placed into the /root/.ssh/authorized_keys file (or /home/ubuntu/.ssh/authorized_keys for Canonical Ubuntu AMIs), allowing your private key access to the instance.

Losing the private key can be fixed by logging in to the instance via another linux account if you have set one up.

Alternatively, if you're running an EBS-backed instance then you can Stop it, attach the root EBS volume to another instance, and place a new public key into the authorized_keys file, then return the volume to the original (stopped) instance and Start the instance again.

If none of these work, then - sorry - you're out of luck. It's called a key because you can't get in without it.
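Both the "edit appropriate authorized_keys file on the mounted volume" step in the earlier answer and the "place a new public key into the authorized_keys file" step above come down to the same operation on the temporary instance. The following is an added example, not code from any of the answers or from AWS; the function name `install_rescue_key`, the mount point and the user name you pass in are assumptions.

```bash
# Added example, not from the original answers. Run on the temporary instance
# after mounting the target's root volume. The function name, the mount point
# and the user name passed in are assumptions.
install_rescue_key() {
    local mount_root="$1" user="$2" pubkey_file="$3"
    local home key ssh_dir auth owner

    # root's home is /root; other login users (e.g. ubuntu) live under /home.
    if [ "$user" = root ]; then home="$mount_root/root"
    else home="$mount_root/home/$user"; fi
    [ -d "$home" ] || { echo "no home directory: $home" >&2; return 2; }

    # Accept only an OpenSSH *public* key line, so a private key or a PuTTY
    # .ppk file is never copied onto the volume by mistake.
    key=$(head -n 1 "$pubkey_file") || return 3
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 3 ;;
    esac

    ssh_dir="$home/.ssh"; auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" && touch "$auth" || return 4

    # Append once (idempotent), first terminating an unterminated last line
    # so the new key is not glued onto an existing entry.
    if ! grep -qxF -- "$key" "$auth"; then
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth" || return 4
    fi

    # sshd with StrictModes rejects an authorized_keys file that is writable
    # by others or owned by the wrong user. Copy the numeric owner from the
    # home directory on the volume: those ids belong to the target system,
    # not to the temporary instance.
    owner=$(ls -nd "$home" | awk '{print $3 ":" $4}')
    chmod 700 "$ssh_dir" && chmod 600 "$auth" && chown "$owner" "$ssh_dir" "$auth"
}
```

With the volume mounted at, say, `/mnt/rescue`, a call would be `install_rescue_key /mnt/rescue ubuntu new-key.pub`, run with enough privilege to write to the mounted file system.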

UNPROTECTED PRIVATE KEY FILE! Error using SSH into Amazon EC2 Instance (AWS)

The problem is a wrong set of permissions on the file.

Easily solved by executing -

chmod 400 mykey.pem

Taken from AWS instructions -

Your key file must not be publicly viewable for SSH to work. Use this
command if needed: chmod 400 mykey.pem

400 protects it by making it read only and only for the owner.

EC2 instance on my machine. I have lost the key pair. But in AWS Secrets Manager there is a secret value of a .ppk file. How do I use that to log in to EC2?

Can you try the following methods provided from AWS: https://aws.amazon.com/premiumsupport/knowledge-center/user-data-replace-key-pair-ec2/

Feel free to let me know if this doesn't work for you.


