I'm new to AWS, been using Microsoft for many years. I tried following this guide: 'https://aws.amazon.com/getting-started/hands-on/host-net-web-app/' but ran into many issues. I'm on Windows 11.
Following the guide, I created a Lightsail instance utilizing Windows Server 2022 and used the Default passwords as it was recommended to do so. After creating the instance and waiting a bit, I tried to retrieve the Administrator Password. Now, every tutorial, forum, and video have all shown that the Administrator Password would display on the Connect tab if I pressed 'Retrieve default password', but I am met with a popup to Decipher my password with a help link. So I clicked the link and it took me to: https://docs.aws.amazon.com/en_us/lightsail/latest/userguide/use-non-default-key-with-windows-based-instance-in-lightsail.html.
Following the instructions there, it says to change the admin password...but I can't since I don't have the password to RDP. So I moved to the next tip, get the ciphertext. I was successful in doing so after I jumped through many hoops including adding a user to IAM, then creating an Access Key, then creating a policy. Why weren't these steps mentioned in either of the two documentations?
Continuing on to the final point of the above linked help doc, I'm met with: You can use the ciphertext with any available application to decrypt your password. Umm.. I don't have an available application to do this? What does that even mean? Not helpful at all. Finally an info-alert indicates to use tools openssh and base64 to perform the decryption. What kind of decryption you might ask? Well it's certainly not indicated anywhere in any of the documentations. Turns out it's RSA.
Okay, so now all I have to do is run a bash command and input the ciphertext and private key files. No biggie. Turns out openssh and base64 are not part of Windows 11 natively, so I had to go fish those out and add them to PATH. Done and done.
At this point I'm thinking why are there so many steps to login to a fresh instance of Lightsail. Now to find the command to decrypt. After hours of surfing the web, I tried every command I could find to no avail. The closest I got was with this command:
$ openssl pkeyutl -decrypt -in C:/Users/spencer.rosenvall/Downloads/cipher.txt -out C:/Users/{username}/Downloads/decrypted.txt -inkey C:/Users/{username}/Downloads/LightsailDefaultKey-us-west-2.pem
But received this:
Public Key operation error
D8A20000:error:0200006F:rsa routines:rsa_ossl_private_decrypt:data too small:../openssl-3.2.1/crypto/rsa/rsa_ossl.c:541:
(and yes I tried this: cat yourEncryptedFile| base64 -D > yourEncryptedRawFile) [https://stackoverflow.com/questions/42300795/openssl-decrypting-with-a-private-key]
(btw none of the -D inputs will work on these commands anymore so remove them)
Ummm... excuse me? What do you mean the data is too small? That's the private key file I downloaded directly from AWS?
It looks like someone else ran into this issue a few months back too so I'm not the only one: https://www.reddit.com/r/aws/comments/1bribbq/how_do_i_get_the_default_admin_password_on_a/
I need to get this working but I'm baffled by the amount of time and effort it has taken just to try and RDP. Please can I receive some guidance on how to proceed with this issue? I'd just like to get to work. Happy to provide the ciphertext and private key files if needed.
Thanks
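
The decode-then-decrypt sequence the post is attempting, as an added example that is not part of the original post or the AWS documentation. It assumes the ciphertext is base64 text wrapping one RSA block with PKCS#1 v1.5 padding (openssl's default); the function names, the throwaway key and the sample password are constructed for the demo.

```shell
# Added example, not from the post or the AWS docs. Assumes the ciphertext file
# holds base64 text wrapping one RSA block padded with PKCS#1 v1.5.

# decrypt_password <ciphertext_b64_file> <private_key_pem>; plaintext on stdout
decrypt_password() {
  local cipher_b64="$1" key="$2" raw mod_hex key_bytes raw_bytes rc
  raw=$(mktemp) || return 1

  # 1. Drop quotes, spaces and CR/LF picked up when copying from CLI/JSON output,
  #    then base64-decode. "openssl base64" avoids the -d/-D split between base64 builds.
  tr -d ' "\r\n\t' < "$cipher_b64" | openssl base64 -d -A -out "$raw"

  # 2. A valid RSA ciphertext is exactly as long as the key modulus
  #    (256 bytes for a 2048-bit key). Check that before calling pkeyutl.
  mod_hex=$(openssl rsa -in "$key" -noout -modulus | cut -d= -f2)
  key_bytes=$(( ${#mod_hex} / 2 ))
  raw_bytes=$(( $(wc -c < "$raw") ))
  if [ "$raw_bytes" -ne "$key_bytes" ]; then
    echo "decoded ciphertext is $raw_bytes bytes, key expects $key_bytes" >&2
    rm -f "$raw"; return 2
  fi

  # 3. RSA-decrypt; pkeyutl's default RSA padding is PKCS#1 v1.5.
  openssl pkeyutl -decrypt -inkey "$key" -in "$raw"; rc=$?
  rm -f "$raw"; return $rc
}

# Constructed round trip with a throwaway key pair and sample password
# (stands in for the Lightsail key and ciphertext, which are not on the page).
demo_roundtrip() {
  local dir rc
  dir=$(mktemp -d) || return 1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/key.pem" 2>/dev/null
  printf '%s' 'Constructed-Pa55w0rd!' |
    openssl pkeyutl -encrypt -inkey "$dir/key.pem" | openssl base64 -A > "$dir/cipher.txt"
  decrypt_password "$dir/cipher.txt" "$dir/key.pem"; rc=$?
  rm -rf "$dir"; return $rc
}
```

Called as `decrypt_password cipher.txt LightsailDefaultKey-us-west-2.pem`, an exit status of 2 means the decoded ciphertext length does not match the key size, which points at the ciphertext file's contents rather than the key.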