AWS EC2 - after restoring a RHEL 7 EC2 from a backup, the ssh host keys change

0

I ran a test whereby I restored a RHEL 7 EC2 instance. After it started, I was able to ssh into the instance using the same private key that I use for the instance that was backed up. However, I noticed that the /etc/ssh/ssh_ key files had all changed, and an application, Oracle's Secure Global Desktop, could no longer connect, due to the changed host keys.

What would have caused the host keys to change?

Is it something that AWS restore does?

Is it something that sshd does on startup? E.g. it detects that the hostname changed (AWS assigns a new hostname to the instance) and recreates the host keys as a result?

Is it something that RHEL 7 does?

I suppose I could just backup the /etc/ssh directory and restore the files after a restore, but I would like to think that I can use AWS backup / restore out of the box to preserve the configuration of an instance during the restore operation.

There is a very old AWS forums post:

https://forums.aws.amazon.com/thread.jspa?threadID=40450

that refers to this problem, but the post says that the issue was resolved in the AWS Linux AMI.

Thanks for the help.

Asked 2 years ago · 813 views
1 answer
0
Accepted answer

The host key may have been regenerated by cloud-init. cloud-init will compare the running instance id to the one it cached previously (i.e. the instance id the backup was taken from) and find they're different, so it will run the first-boot modules again, which includes the ssh host key.

Have a look at /var/log/cloud-init.log to see whether it mentions doing anything with the host keys.

You can provide the host keys which should be installed, or at least prevent it from deleting the old ones, via a configuration file you can pass in user data (see last link above for docs).

AWS Expert
James_S
Answered 2 years ago
  • That was what created the host keys, thanks.

    I read the doc you recommend, but don't see how to prevent the deleting of the host keys. Can you provide some more details? When running AWS Restore, AWS will launch an EC2 instance, so I don't see how to pass anything to cloud init?

  • Is this using the restore feature in AWS Backup? Looks like you should be able to provide UserData under the "Advanced" section in the UI, or in the UserData field if you're doing it from the CLI etc: https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-ec2.html, but I haven't tested that myself.
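The following script is an added example and not part of the thread or of James_S's answer. It turns the accepted answer's two points into something runnable: first, a check of whether cloud-init would treat the restored instance as a fresh one (its cached instance id differs from the running one), plus a scan of cloud-init.log for host key regeneration; second, the cloud-config that can be passed as UserData on restore so the ssh module keeps the restored host keys (`ssh_deletekeys: false` is a real cloud-init option; the cache path, the log format in the constructed sample, and the `--live` mode using IMDSv2 are assumptions to verify against the instance).

```shell
#!/bin/sh
# Added example, not code from the re:Post thread or from AWS.
# Diagnoses why cloud-init regenerates SSH host keys after an AWS Backup
# restore and prints the cloud-config that stops it. Paths are assumed to be
# cloud-init defaults; the sample log below is constructed, not captured.

# cloud-init caches the instance id of its last run here (assumed default path).
CLOUD_INIT_CACHE="${CLOUD_INIT_CACHE:-/var/lib/cloud/data/instance-id}"

# instance_id_changed CACHED CURRENT
# Succeeds when the ids differ: cloud-init then reruns its per-instance
# (first-boot) modules, and the ssh module recreates /etc/ssh/ssh_host_*.
instance_id_changed() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# count_hostkey_regen < cloud-init.log
# Counts log lines that record an ssh-keygen run against a host key file.
count_hostkey_regen() {
    grep -c "ssh-keygen.*ssh_host_" || true
}

# Constructed sample of what cloud-init.log can show on such a boot
# (message format approximated; compare with the real file on the instance).
SAMPLE_LOG='2023-01-01 10:00:01,000 - stages.py[DEBUG]: previous iid found to be i-0aaaaaaaaaaaaaaa1
2023-01-01 10:00:01,001 - stages.py[DEBUG]: instance id is now i-0bbbbbbbbbbbbbbb2, running per-instance modules
2023-01-01 10:00:02,000 - subp.py[DEBUG]: Running command [ssh-keygen, -t, rsa, -N, "", -f, /etc/ssh/ssh_host_rsa_key]
2023-01-01 10:00:02,100 - subp.py[DEBUG]: Running command [ssh-keygen, -t, ecdsa, -N, "", -f, /etc/ssh/ssh_host_ecdsa_key]
2023-01-01 10:00:02,200 - subp.py[DEBUG]: Running command [ssh-keygen, -t, ed25519, -N, "", -f, /etc/ssh/ssh_host_ed25519_key]'

# keep_hostkeys_cloud_config
# Prints a cloud-config for the restore's UserData field. ssh_deletekeys: false
# makes the ssh module leave the restored host keys in place instead of deleting
# and regenerating them. (The ssh_keys: mapping could alternatively carry the
# key material itself, but that puts private keys into user data, which is
# readable from inside the instance.)
keep_hostkeys_cloud_config() {
    cat <<'EOF'
#cloud-config
ssh_deletekeys: false
EOF
}

# fingerprint_hostkeys [DIR]
# Fingerprints the public host keys so a before/after restore comparison is easy.
fingerprint_hostkeys() {
    for pub in "${1:-/etc/ssh}"/ssh_host_*_key.pub; do
        [ -f "$pub" ] && ssh-keygen -lf "$pub"
    done
}

# Stand-alone use: "./hostkeys.sh --live" on the restored instance compares the
# cached id with the one from the metadata service (IMDSv2) and scans the log;
# without arguments it only exercises the constructed sample.
if [ "${1:-}" = "--live" ]; then
    token=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
    current=$(curl -sS -H "X-aws-ec2-metadata-token: $token" \
        "http://169.254.169.254/latest/meta-data/instance-id")
    cached=$(cat "$CLOUD_INIT_CACHE" 2>/dev/null)
    if instance_id_changed "$cached" "$current"; then
        echo "instance id changed ($cached -> $current): cloud-init reran per-instance modules"
    fi
    echo "host key regenerations logged: $(count_hostkey_regen < /var/log/cloud-init.log)"
    fingerprint_hostkeys
else
    echo "sample log: $(printf '%s\n' "$SAMPLE_LOG" | count_hostkey_regen) host key regenerations"
fi
```

Note that `ssh_deletekeys: false` only prevents the deletion and regeneration; it does not help if the backup itself was taken before the keys you want existed. Record the fingerprints from `fingerprint_hostkeys` on the source instance and compare them after the restore to confirm the setting took effect.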
