My EC2 instance pem key file is lost; how do I connect to the EC2 instance from my Linux terminal?


Hi, my EC2 instance pem key file is lost. I cannot access my instance without the pem key file.

How do I connect to the EC2 instance from my Linux terminal? ssh -i "sx.pem"


asked a year ago, 669 views
3 Answers
Accepted Answer

I have used the following method to solve my issue:

(1) Create a new instance in the same zone as the old one (the one whose key file is lost), with a new pem key file named file2

(2) Stop the old instance

(3) Detach the volume of the old instance

(4) Attach the volume of the old instance to the new instance

(5) Log in to the new instance with ssh and the new key file from the terminal, and run the following Linux commands:

-- sudo mkdir /mnt/tempvol
-- sudo mount -t ext4 /dev/xvdf1 /mnt/tempvol
-- cp .ssh/authorized_keys /mnt/tempvol/home/ubuntu/.ssh/authorized_keys
-- sudo ls -l /mnt/tempvol/home/ubuntu/.ssh
-- sudo umount /mnt/tempvol

(6) Attach the volume of the old instance with the old volume device path, like: /dev/sda1

(7) Access the old instance with the new key file from the terminal

answered a year ago
reviewed 2 months ago
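
A more careful form of the key copy in step (5), as an added example that is not part of the original answer: it appends the new public key instead of overwriting the old file, and sets the ownership and modes that sshd checks. The function name `install_rescue_key` and the `/home/<user>` layout are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the answer above).
# Usage: install_rescue_key <mounted_root> <user> <pubkey_file>
install_rescue_key() {
    root=$1; user=$2; pubkey=$3
    home="$root/home/$user"
    auth="$home/.ssh/authorized_keys"

    [ -d "$home" ] || { echo "no home directory at $home" >&2; return 1; }

    # Accept exactly one line that looks like an OpenSSH public key
    # (common key types only; extend the list if you use others).
    [ -r "$pubkey" ] && [ "$(grep -c '' "$pubkey")" -eq 1 ] ||
        { echo "expected a file with one key line" >&2; return 2; }
    key=$(cat "$pubkey")
    case $key in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 2 ;;
    esac

    mkdir -p "$home/.ssh"
    # Terminate an unterminated last line so the new key starts on its own line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    # Append only if that exact line is absent: reruns are idempotent and
    # keys already on the volume are kept (a plain cp would replace them).
    if ! grep -qxF -- "$key" "$auth" 2>/dev/null; then
        printf '%s\n' "$key" >> "$auth"
    fi

    # sshd's StrictModes check rejects key files with loose modes or the
    # wrong owner. Take the owner from the home directory on the mounted
    # volume, since UIDs can differ between the two instances.
    owner=$(ls -nd "$home" | awk '{print $3 ":" $4}')
    chown "$owner" "$home/.ssh" "$auth" || return 3
    chmod 700 "$home/.ssh" && chmod 600 "$auth"
}
```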
AWS
answered a year ago
reviewed a year ago
  • Hi, thanks. But method 1 did not work. The video related to the above method has been posted to YouTube. Others have the same conclusion that method 1 did not work. I hope AWS could give more details or take this seriously to solve this issue.


The first responder gives a great set of answers.

Given different use-cases, it is often more secure to use Systems Manager Session Manager instead of SSH keys.
For your viewing pleasure…

Introducing Session Manager

Using Session Manager to replace SSH

For my purposes, and assuming you have a recent EC2 version, I often use Session Manager to recover (or replace) SSH access.

First, create an IAM instance profile that enables Session Manager access and update the EC2 instance with this instance profile.
In IAM, create a role with this policy - AmazonSSMManagedInstanceCore

In your EC2 console pane, select your instance, select the ‘Actions’ button on the top right and select the Security option, then choose the ‘Modify IAM role’. It will provide you the list of available roles for this action.

Once all is set up, it may take a few minutes for the agent on the instance to ‘connect’ and identify with Systems Manager…

The above ^^^^^ steps are sufficient for an instance provisioned in a Public Subnet…

However, IF your instance is in a PRIVATE SUBNET... you will need to create VPC endpoint services attached to the instance subnet to allow direct access from your private network to the SSM services that enable the Session Manager connection. In the console, select the VPC service, on the left pane select the ‘endpoint’ option (aka ‘privatelink’ services), configure 3 endpoints and attach them to the subnet your instance is in…

  1. ec2messages
  2. ssm
  3. ssmmessages

For recovery purposes, the cost is minimal. But understand there is some cost.

endpoint costs

It’s best to think of the above as private NATs that allow the routing of requests between your VPC and the AWS Public Network where Systems Manager lives.

IF YOU ARE IN A PRODUCTION NETWORK, ESP WITH OTHER SYSTEMS, THIS CAN AFFECT NETWORKING PATHS FOR EVERYONE, these create. If you are working in an isolated environment, then this will only apply to your private instance.

Now, your private network instance will be accessible via Session Manager. Give the system a few minutes to identify and connect internally and you will be able to access it via the console ‘Connect’ option, or via the CLI from your command line.

This is a fantastic pattern for short term recovery efforts.

This method does NOT use SSH keys.
Once you have regained access to your instance, you will be able to re-create new SSH keys and update the public key on the instance. This public key will be placed in the ~/.ssh/authorized_keys file.

Good luck!

answered a year ago
