Lost the root password to our Disaster Recovery ec2 Instances. How to reset it


I'm facing a critical situation where my manager, who had all the necessary credentials, has unexpectedly left the company and is now unreachable. We urgently need to access our Disaster Recovery site, but we don't have the root password to our EC2 instances in our DR region. Connect to instance is not available, and I don't have access to any SSH keys that I know of. Can anyone advise on the best steps to regain access securely or how to handle such a situation? Any help would be greatly appreciated.

  • Are the EC2s configured with SSM? If so, at a minimum, you can log in with SSM and do your task.

asked 16 days ago · 30 views
1 Answer

Regaining access to your EC2 instances when you have lost the root password and do not have access to SSH keys can be challenging, but it is possible by following these steps. The process involves stopping the instance, detaching its root volume, attaching it to another instance, modifying the necessary files to reset the password or add a new SSH key, and then reattaching the volume to the original instance.

Steps to Regain Access to EC2 Instances

  1. Stop the Instance:

    • Go to the EC2 console.
    • Select the instance you need to access and stop it.
    aws ec2 stop-instances --instance-ids i-1234567890abcdef0
  2. Detach the Root Volume:

    • Detach the root EBS volume from the stopped instance.
    aws ec2 detach-volume --volume-id vol-1234567890abcdef0
  3. Attach the Volume to Another Instance:

    • Attach the detached volume to another running instance where you have access. Attach it as a secondary volume (e.g., /dev/sdf).
    aws ec2 attach-volume --volume-id vol-1234567890abcdef0 --instance-id i-0987654321fedcba0 --device /dev/sdf
  4. Access the Attached Volume:

    • SSH into the instance where you attached the volume.
    ssh -i /path/to/your/key.pem ec2-user@<instance-public-dns>
    • Mount the attached volume.
    sudo mkdir /mnt/recovery
    # On Xen-based instances /dev/sdf appears as /dev/xvdf; on Nitro instances it is
    # /dev/nvme1n1 (partition /dev/nvme1n1p1). Run lsblk first to confirm the name.
    sudo mount /dev/xvdf1 /mnt/recovery
  5. Modify the Necessary Files:

    • Option 1: Reset the Root Password:

      • Edit the /etc/shadow file on the mounted volume to reset the root password.
      sudo chroot /mnt/recovery
      # You are already root inside the chroot, so sudo is neither needed nor necessarily present.
      passwd root
      exit
    • Option 2: Add a New SSH Key:

      • Add your SSH public key to the ~/.ssh/authorized_keys file for the root user.
      sudo chroot /mnt/recovery
      # Already root inside the chroot; sshd refuses keys unless the directory is 700 and the file 600.
      mkdir -p /root/.ssh && chmod 700 /root/.ssh
      nano /root/.ssh/authorized_keys
      # Paste your SSH public key into the file, then save and close it.
      chmod 600 /root/.ssh/authorized_keys
      exit
  6. Unmount the Volume:

    • Unmount the volume from the recovery instance.
    sudo umount /mnt/recovery
  7. Detach the Volume from the Recovery Instance:

    • Detach the volume from the recovery instance.
    aws ec2 detach-volume --volume-id vol-1234567890abcdef0
  8. Reattach the Volume to the Original Instance:

    • Reattach the volume to the original instance as the root volume (e.g., /dev/sda1).
    aws ec2 attach-volume --volume-id vol-1234567890abcdef0 --instance-id i-1234567890abcdef0 --device /dev/sda1
  9. Start the Original Instance:

    • Start the original instance.
    aws ec2 start-instances --instance-ids i-1234567890abcdef0
  10. Access the Instance:

    • SSH into the instance using the new root password or the new SSH key you added.
    ssh -i /path/to/your/key.pem root@<instance-public-dns>

By following these steps, you can regain access to your EC2 instances securely.

EXPERT · answered 16 days ago
EXPERT · reviewed 15 days ago
EXPERT · reviewed 15 days ago
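An added helper script for the volume-swap recovery described in the answer above (example code, not the answer's own commands or anything from AWS). It covers the AWS side of steps 1-2 and the key-install option of step 5 without entering a chroot, and goes a little beyond the answer by snapshotting the root volume before touching it and by probing the Nitro device name; it assumes the AWS CLI is configured for the DR account, that the rescue host has the recovered root volume mounted at the directory passed to install_authorized_key, and that the key is installed for a named login user such as ec2-user.

```shell
#!/usr/bin/env bash
# Example helper for the volume-swap recovery (not the answer's own commands).
# Assumes: AWS CLI configured for the DR account; rescue host has mounted the
# recovered root volume at the directory passed as $1 to install_authorized_key.
set -euo pipefail

# Steps 1-2 on the AWS side: stop the locked-out instance, snapshot its root
# volume (rollback point and a record of the pre-change state), detach it and
# print the volume ID for the attach step. Needs real AWS access to run.
stop_snapshot_detach_root() {
  local iid="$1" root vol
  aws ec2 stop-instances --instance-ids "$iid" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$iid"
  root=$(aws ec2 describe-instances --instance-ids "$iid" \
      --query 'Reservations[0].Instances[0].RootDeviceName' --output text)
  vol=$(aws ec2 describe-instances --instance-ids "$iid" --output text \
      --query "Reservations[0].Instances[0].BlockDeviceMappings[?DeviceName=='$root'].Ebs.VolumeId | [0]")
  aws ec2 create-snapshot --volume-id "$vol" --description "pre-recovery $iid" >/dev/null
  aws ec2 detach-volume --volume-id "$vol" >/dev/null
  aws ec2 wait volume-available --volume-ids "$vol"
  echo "$vol"
}

# Step 4 on the rescue host: a volume attached as /dev/sdf shows up as
# /dev/xvdf on Xen-based instances but /dev/nvme1n1 on Nitro; probe both.
find_root_partition() {
  local dev
  for dev in /dev/xvdf1 /dev/nvme1n1p1; do
    [ -b "$dev" ] && { echo "$dev"; return 0; }
  done
  return 1
}

# Step 5, option 2, by editing the mounted files directly instead of inside a
# chroot (where sudo is absent and the shell may differ). Sets the modes sshd
# requires (700/600), appends the key only once, and fixes ownership from the
# volume's own /etc/passwd when run as root.
install_authorized_key() {
  local mnt="$1" user="$2" pubkey="$3" home ids
  if [ "$user" = root ]; then home="$mnt/root"; else home="$mnt/home/$user"; fi
  [ -d "$home" ] || { echo "no home directory for $user under $mnt" >&2; return 1; }
  mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
  touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys"
  grep -qxF "$pubkey" "$home/.ssh/authorized_keys" ||
    printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
  ids=$(awk -F: -v u="$user" '$1==u {print $3":"$4}' "$mnt/etc/passwd" 2>/dev/null || true)
  if [ "$(id -u)" -eq 0 ] && [ -n "$ids" ]; then chown -R "$ids" "$home/.ssh"; fi
  echo "$home/.ssh/authorized_keys"
}
```

Typical use on the rescue host: `sudo mount "$(find_root_partition)" /mnt/recovery && sudo ./recover.sh` with `install_authorized_key /mnt/recovery ec2-user "$(cat ~/.ssh/id_ed25519.pub)"` as the last call, then unmount and reattach exactly as in steps 6-9.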
