I have used the following method to solve my issue:
(1) create a new instance in the same zone as the old one whose key file is lost, with a new pem key file named file2
(2) stop the old instance
(3) detach the volume of the old instance
(4) attach the volume of the old instance to the new instance
(5) log in to the new instance with ssh and the new key file from a terminal, then run the following Linux commands:
-- sudo mkdir /mnt/tempvol
-- sudo mount -t ext4 /dev/xvdf1 /mnt/tempvol
-- sudo cp ~/.ssh/authorized_keys /mnt/tempvol/home/ubuntu/.ssh/authorized_keys
-- sudo ls -l /mnt/tempvol/home/ubuntu/.ssh
-- sudo umount /mnt/tempvol
(6) re-attach the volume to the old instance at the old volume's device path, e.g. /dev/sda1
(7) access the old instance with the new key file from a terminal
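The copy in step (5) is the delicate part: the key has to land in the old volume's authorized_keys with the permissions and the owner that sshd on the recovered instance will accept. The shell function below is an added example, not the answer author's commands; it assumes the old root volume is already mounted at the path passed as its first argument (the answer uses /mnt/tempvol), that the second argument is the user on the old instance (ubuntu), and that the third is an OpenSSH public key file.

```sh
#!/bin/sh
# Added example, not the answer author's commands. Installs an OpenSSH public key
# into the authorized_keys of a user on the mounted recovery volume.
# Assumptions: $1 is the mount point of the old root volume (the answer uses
# /mnt/tempvol), $2 is the user on the old instance (ubuntu), $3 is the path to
# a public key file such as ~/.ssh/id_ed25519.pub. Run with sudo so the files
# on the mounted volume can be written.
install_recovery_key() {
  mount="$1"; user="$2"; pubkey="$3"
  home="$mount/home/$user"
  # Refuse to write anywhere if the volume is not mounted where we expect it
  [ -d "$home" ] || { echo "no home directory for $user under $mount" >&2; return 1; }
  [ -s "$pubkey" ] || { echo "public key file $pubkey missing or empty" >&2; return 1; }
  # Accept only a public-key line; a private key must never end up in authorized_keys
  if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) ' "$pubkey"; then
    echo "$pubkey does not look like an OpenSSH public key" >&2
    return 1
  fi
  sshdir="$home/.ssh"
  auth="$sshdir/authorized_keys"
  # With StrictModes, sshd ignores the file unless ~/.ssh and authorized_keys
  # are owned by the user and not writable by anyone else
  mkdir -p "$sshdir" && chmod 700 "$sshdir"
  touch "$auth" && chmod 600 "$auth"
  # Append only if the exact line is not already there, so re-runs are harmless
  if ! grep -qxF -e "$(cat "$pubkey")" "$auth"; then
    cat "$pubkey" >> "$auth"
  fi
  # Owner must be the user as known on the OLD volume, whose uid/gid may differ
  # from the recovery instance; --reference copies uid/gid from the mounted home
  chown --reference="$home" "$sshdir" "$auth"
}

# Example invocation after the answer's mount step:
# install_recovery_key /mnt/tempvol ubuntu /home/ubuntu/.ssh/id_ed25519.pub
```

Before calling it, check with lsblk which device the attached volume actually received, since Nitro-based instances expose it as an NVMe device rather than /dev/xvdf1.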
The first responder gives a great set of answers.
Given different use-cases, it is often more secure to use Systems Manager Session Manager instead of SSH keys.
For your viewing pleasure…
Using Session Manager to replace SSH
For my purposes, and assuming you have a recent EC2 version, I often use session manager to recover (or replace) SSH access.
First
Create an IAM instance profile that enables Session Manager access and update the EC2 instance with this instance profile.
In IAM, create a role with this policy - AmazonSSMManagedInstanceCore
In your EC2 console pane, select your instance, select the ‘Actions’ button on the top right and select the Security option, then choose the ‘Modify IAM role’. It will provide you the list of available roles for this action.
Once all is setup, it may take a few minutes for the agent on the instance to ‘connect’ and identify with Systems Manager…
The above steps are sufficient for an instance provisioned in a Public Subnet…
—
However, IF your instance is in a PRIVATE SUBNET, you will need to create VPC endpoints attached to the instance's subnet to allow direct access from your private network to the SSM services that enable the Session Manager connection. In the console, select the VPC service in the left pane, select the ‘Endpoints’ option (aka ‘PrivateLink’ services), configure 3 endpoints and attach them to the subnet your instance is in:
- ec2messages
- ssm
- ssmmessages
For recovery purposes, the cost is minimal. But understand there is some cost (see endpoint costs).
It’s best to think of the above as private NATs that allow the routing of requests between your VPC and the AWS public network where Systems Manager lives.
IF YOU ARE IN A PRODUCTION NETWORK, ESPECIALLY WITH OTHER SYSTEMS, THE ROUTES THESE CREATE CAN AFFECT NETWORKING PATHS FOR EVERYONE. If you are working in an isolated environment, then this will only apply to your private instance.
Now, your private network instance will be accessible via Session Manager. Give the system a few minutes to identify and connect internally and you will be able to access it via the console ‘Connect’ option, or via the CLI from your command line.
—
This is a fantastic pattern for short term recovery efforts.
This method does NOT use SSH keys.
Once you have regained access to your instance, you will be able to re-create new SSH keys and update the public key on the instance. This public key will be placed in the ~/.ssh/authorized_keys file.
Good luck!
Hi, thanks. But method 1 did not work. The video related to the above method has been posted to YouTube. Others have reached the same conclusion that method 1 did not work. I hope AWS could give more details or take this issue seriously and solve it.