EC2, Ubuntu, forgot Passphrase

0

Hi, I have a PEM key pair for my EC2 instance, which has a passphrase (the password it asks for when we SSH in). For reasons not clear to me, the passphrase that is in my records is not working and I keep getting access denied. I tried these two methods: https://aws.amazon.com/premiumsupport/knowledge-center/user-data-replace-key-pair-ec2/ and https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-ec2reset.html

Both, once completed, still ask for a password when I SSH in.

Please guide me on how to reset/remove the password (passphrase) request when SSH-ing in to this instance.

asked a year ago, 528 views
3 Answers
0
Accepted Answer

Dear Friends,

Thank you to those who took the initiative to suggest a solution for me.

  1. My problem's root cause was that the passphrase we assigned for KeyPairA did not work, so either my guys recorded the wrong passphrase in our records, or something crazy caused this,
  2. so when we used KeyPairA, our Instance A kept asking for a password, and we tried all the standard passwords my company uses; none of them worked
  3. We followed the two guides shown in the OP; both did not solve my problem
  4. I think it is because Instance A is on Ubuntu 14.04 and all the automation or volume attachment uses Ubuntu 22 (assumed only)
  5. What we did is we made an AMI of the instance, detached the volume and attached it to a TEMP Instance (which is Ubuntu 14), and mounted the volume to a folder in sda1
  6. SSH to the Temp Instance and do these two things:
       sudo cp .ssh/authorized_keys /mnt/tempvol/home/ubuntu/.ssh/authorized_keys
       sudo cp etc/ssh/sshd_configs /mnt/tempvol/home/ubuntu/etc/ssh/sshd_config
     A few files from the etc/ssh/ folder were copied over too; I cannot say for sure which files, copying the whole thing might solve it
  7. after this, unmount, detach and attach it back to Instance A, and the KeyPair used in the Temp Instance should work (at least it worked for me)
answered a year ago
0

In the past, you could take a snapshot of an instance, create an AMI from that snapshot, create a new keypair, then run an instance based on the AMI with the new SSH keypair.

Then, log in with the new keypair.

You would lose an instance store with this approach.

Bazzer
answered a year ago
  • I tried to detach the volume, attach it to temp_instance, mount it, and copy the authorized key details from temp_instance to the mounted volume; I tested and am facing the same prompt asking for a password.

  • Problem solved, and here I am updating why this idea did not work for me: Instance A was on Ubuntu 14.04, and Temp Instance B, which was used to attach the volume from Instance A, was on Ubuntu 22

    So, there was some mismatch and the new SSH keypair which was generated in Ubuntu 22 did not work with Ubuntu 14. Honestly, I do not know the root cause; I did not spend time on it as I solved my problem (as explained below)

0

Try SSM connect which will allow you in assuming a few things:

  1. Agent is installed (by default in most newer AMIs)
  2. EC2 Instance Profile grants permission to SSM agent
  3. Your account has access to connect via SSM.

Once these are met, in EC2 right-click and select "Connect".

You can read details on setting it up at: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html

answered a year ago
  • Thanks for taking a bit of time to answer my question, I appreciate it. We could not get SSM to work on Instance A (the instance that has the passphrase-forgotten keypair). I have solved this issue and I explained how I solved it for others' reference
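
Added example (not from any poster in this thread): the question uses "passphrase" and "password" for the same prompt, but a key passphrase is asked by the local ssh client while a password prompt comes from the server after it has not accepted a key, and only the second is affected by editing files on the instance volume. The script below classifies a pasted `ssh -v` terminal transcript; the function name, finding labels and sample transcripts are constructed for illustration, and the thread does not confirm which case applied.

```shell
#!/bin/sh
# Added example. Input: a terminal transcript of `ssh -v -i key.pem user@host`
# pasted from the screen (ssh writes its prompts to the terminal, not stderr).
# Output: one finding per line.
classify_ssh_transcript() (
    log=$(cat)

    # Prompt printed by the ssh client: the private key FILE is encrypted
    # locally. Nothing changed on the instance can reset this passphrase.
    if printf '%s\n' "$log" | grep -q "Enter passphrase for key"; then
        echo "client-passphrase"
    fi

    # Client would not sign with an algorithm the server understands
    # (for example SHA-1 ssh-rsa, disabled by default since OpenSSH 8.8).
    if printf '%s\n' "$log" | grep -q "no mutual signature"; then
        echo "no-mutual-sigalg"
    fi

    # Public-key auth did not succeed; ssh moved on to the account password.
    if printf '%s\n' "$log" | grep -q "Next authentication method: password"; then
        echo "password-fallback"
    fi

    # Server version from the banner line; rsa-sha2-* signatures need >= 7.2.
    ver=$(printf '%s\n' "$log" |
        sed -n 's/.*remote software version OpenSSH_\([0-9]*\.[0-9]*\).*/\1/p' |
        head -n 1)
    if [ -n "$ver" ]; then
        major=${ver%%.*}
        minor=${ver#*.}
        if [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -lt 2 ]; }; then
            echo "server-lacks-rsa-sha2 (OpenSSH $ver)"
        fi
    fi
)

# Constructed sample transcripts (not taken from the thread).
SAMPLE_OLD_SERVER="debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: Offering public key: key.pem RSA SHA256:CONSTRUCTED
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
ubuntu@host's password:"
SAMPLE_ENCRYPTED_KEY="debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: Trying private key: key.pem
Enter passphrase for key 'key.pem':"

printf '%s\n' "$SAMPLE_OLD_SERVER" | classify_ssh_transcript
```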
