You've tagged this question with Amazon Linux, so depending on the version and the region you may be able to connect to the instance using EC2 Instance Connect: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html
This would preclude the need for going down the road of using the AWSSupport-ResetAccess runbook.
Once logged in as ec2-user you can generate a new keypair, and put the public key into a fresh copy of /home/ec2-user/.ssh/authorized_keys, remembering to set the permissions correctly: chmod 600 /home/ec2-user/.ssh/authorized_keys
You can also sudo su - to become the root user, and from here change the password.
I agree with Riku_Kobayashi and others on the following approach: (1) use Session Manager if still possible, (2) use user/password if there is one to log in and sudo to root, (3) follow through using "rescue EC2". Here is the process:
Take a snapshot of the EC2 without access: this is to safeguard before we make any changes
Launch a new EC2 instance (VM2) in the same zone as the EC2 without access (VM1)
Stop VM1
Find root volume (say Disk1) of VM1, note down the device path (such as /dev/sda1) and detach it
Attach Disk1 to VM2
Mount Disk1 as file system on VM2
Make the adjustment on authorized_keys (ok to recreate key pairs and place the public key in)
Stop VM2
Detach Disk1 and attach into VM1 with the right device path
Start VM1 and now you should be able to log in
Congratulations!
Please chat with me if you have more questions.
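The authorized_keys adjustment from the rescue procedure above, as an added example that is not part of the original answer. It is meant to be run as root on VM2 once Disk1 is mounted; the function name, the /mnt/rescue mount point and the new_key.pub file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer).
# Assumed usage on VM2:  install_rescue_key /mnt/rescue ec2-user ./new_key.pub

install_rescue_key() {
    local root="$1" user="$2" pubkey="$3"
    local home="$root/home/$user"
    local ssh_dir="$home/.ssh"
    local auth="$ssh_dir/authorized_keys"
    local owner

    [ -d "$home" ] || { echo "no home directory at $home" >&2; return 1; }
    [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }

    # Only a public key belongs on the server; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "$pubkey is a private key" >&2; return 1
    fi
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+' "$pubkey" \
        || { echo "$pubkey is not an OpenSSH public key" >&2; return 1; }

    # Take the numeric owner from the rescued volume itself, not from a
    # user name resolved against VM2's own /etc/passwd.
    owner=$(stat -c '%u:%g' "$home") || return 1

    mkdir -p "$ssh_dir" || return 1
    # Keep the previous file so its entries can be reviewed later.
    if [ -f "$auth" ]; then
        cp -p "$auth" "$auth.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi

    # Fresh copy containing only the new public key.
    head -n 1 "$pubkey" > "$auth" || return 1
    chown "$owner" "$ssh_dir" "$auth" || return 1
    # 600 on the file as in the answer above; 700 on .ssh is the usual
    # companion setting, since sshd rejects group/world-writable paths.
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}
```

Unmount the volume before detaching it from VM2 so the change is flushed to disk.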
Thanks Hongzhu Qiao and Riku_Kobayashi. Since this is a production server, I'm trying not to have to take it down. After doing more reading on other articles, I believe the account didn't have Session Manager configured at all. I'm wondering if running through the Quick Setup for Session Manager would require the server to be down for any time at all. If it does, is it just a reboot? And would that be automatic once the quick setup is completed? I'm thinking of trying this out before attempting the process you two had recommended. Thanks!
I think it is possible to connect using Session Manager on Amazon Linux. If you cannot connect using Instance Connect, some settings are required on the EC2 side, but I think it is a good idea to connect using Session Manager and update authorized_keys. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-prerequisites.html
Yeah, agree with Session Manager or Run Command, and rename the file back.
I'm not able to use the Session Manager route since the server did not have the SSM agent installed.
When using the EC2 Instance Connect, I'm getting the "Failed to connect to your instance. Error establishing SSH connection to your instance. Try again later."
How about stopping the currently running EC2, mounting EBS on the rescue EC2 instance, and rewriting the authorized_keys? https://repost.aws/knowledge-center/ec2-linux-emergency-mode