EC2 Key Pair Issue

Hi AWS,

I have created an EC2 instance and its key pair using Terraform code. The Terraform code for the same is:

resource "aws_instance" "test_ec2_instance_production" {
  ami                    = var.ami_id
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.public_subnet.0.id
  vpc_security_group_ids = [aws_security_group.test_security.id]
  tags = {
    Name = "${var.default_tags.project_name}-${var.default_tags.environment}-ec2-instance"
  }
  key_name                    = var.generated_key_name
  associate_public_ip_address = true
  monitoring                  = true
}

// Create key-pair for EC2 instance

resource "tls_private_key" "prod_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "generated_key" {
  key_name   = var.generated_key_name
  public_key = tls_private_key.prod_key.public_key_openssh
  provisioner "local-exec" {
    command = <<-EOT
      echo '${tls_private_key.prod_key.private_key_pem}' > test-prod-keypair.pem
      chmod 400 test-prod-keypair.pem
    EOT
  }
}

I have generated the keys using the command ssh-keygen -t rsa -m PEM.

Now I am trying to provide the private key in the SSH server configuration setting of Jenkins, and I am getting this error: jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection Message [Auth fail]

Also, I am not able to log into the EC2 instance using the SSH connection command, as the key is broken, and I am getting this error: ec2-user@ec2-x-xxx-xx-xxx.us-east-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Now the issue is that this is a production environment and the key is broken. Is there any way to replace the key with a new one without terminating the instance? A long way down, I need to have a proper RSA key which I can add to the Jenkins SSH remote host to build my pipeline. Also, as you know, Jenkins doesn't accept the OpenSSH key format.

Also, I need to know the steps to generate the RSA key and to copy the key into the .pem file which we are going to use for the SSH connection with EC2. Please help!

asked a year ago, 458 views
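A fingerprint check, added here as an example and not part of the question or the answer: given an `ssh-rsa` public key line (the shape of Terraform's `public_key_openssh`), it computes both the SHA256 fingerprint that `ssh-keygen -lf` prints and the MD5-of-DER fingerprint EC2 reports for imported key pairs, so the key Jenkins holds (`ssh-keygen -y -f key.pem` prints the public line for a private key) can be compared against the key pair the instance was launched with. Standard library only; the `encode_ssh_rsa` helper and the small (65537, 3233) sample key are constructed for the demonstration, not real keys.

```python
import base64
import hashlib
import struct

def _ssh_string(b):  # SSH wire "string": 4-byte big-endian length + payload
    return struct.pack(">I", len(b)) + b
def _ssh_mpint(x):  # SSH "mpint": big-endian, extra leading 0x00 when the top bit is set
    return _ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))
def encode_ssh_rsa(e, n, comment="constructed"):  # builds a public_key_openssh-style line
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_ssh_rsa(line):
    """Return (e, n) from an ssh-rsa public key line; raise ValueError for anything else."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, off, parts = base64.b64decode(fields[1]), 0, []
    for _ in range(3):  # three SSH strings: key type, e, n
        (length,) = struct.unpack(">I", blob[off:off + 4])
        parts.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if parts[0] != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def openssh_fingerprint(line):
    """SHA256 fingerprint as `ssh-keygen -lf` prints it: base64 of the blob hash, padding stripped."""
    blob = base64.b64decode(line.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def _der(tag, body):  # minimal DER TLV encoder, long-form lengths when needed
    if len(body) < 0x80:
        return tag + bytes([len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return tag + bytes([0x80 | len(lb)]) + lb + body
def _der_int(x):  # DER INTEGER, leading 0x00 when the top bit is set
    return _der(b"\x02", x.to_bytes((x.bit_length() + 8) // 8, "big"))

def spki_der(line):
    """DER SubjectPublicKeyInfo for the key (what `openssl pkey -pubout -outform DER` emits)."""
    e, n = parse_ssh_rsa(line)
    rsa_pub = _der(b"\x30", _der_int(n) + _der_int(e))  # RSAPublicKey ::= SEQUENCE { n, e }
    alg_id = _der(b"\x30", bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption, NULL
    return _der(b"\x30", alg_id + _der(b"\x03", b"\x00" + rsa_pub))  # BIT STRING, 0 unused bits

def aws_import_fingerprint(line):
    """MD5 of the DER SPKI, colon-separated: the fingerprint EC2 shows for an imported key pair."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(spki_der(line)).digest())
```

Bear in mind that `tls_private_key` keeps the generated private key in Terraform state, so the state file needs the same protection as the `.pem` the provisioner writes.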
1 Answer
There are a few suggestions on how to fix this in this other re:Post article - does that help you in this situation?

AWS EXPERT, answered a year ago
  • @Brettski-AWS, my only concern is: if I make any changes in the tf code provided above based on the steps mentioned in the article provided, will it terminate/stop the instance? I want to replace the key pair while the instance is in a running state, as it's production and I don't want any downtime. Having said that, I am still able to connect to the instance using the EC2 serial console; however, that's only a temporary solution until the automation pipeline is in place, because once I do the build on EC2 using Jenkins I need to have the private key for the key pair.

    Please guide.

  • If you can fix it with the Serial Console then that's a good way to go. Otherwise, this type of thing is an excellent reason to have a test environment - not trying to be condescending (I've been there too); but the first (and probably second and third) version of code doesn't always work right...
