By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

accidental renaming of authorized_key file

0

Hi, I'm new to AWS linux administration after our previous admin left. The previous admin had not left the root password. I was instructed to remove his access but had accidental renamed the authorized_key file and do not have the root password. Therefore, the SSH connection does not work anymore.

When I asked the billing department, they directed me to use AWSSupport-ResetAccess runbook to reset the access to the EC2 instance. After reviewing the information, I have the following questions and would appreciated any assistance:

  1. Does this mean no user would be able to access anything on the server while I'm going through the runbook process? IE...web servers and application server will be down, etc.
  2. Would we loose any data on the server (an EC2 instance)?
  3. Would the IP address change?
  4. Would the old EC2 key stop work any longer, ie...the previous system admin will not be able to use it to reconnect.
  5. Will It create a new "authorized_key" file on the server, along with new SSH key/EC2 key so we can reconnect?
  6. How long does it usually take to go through this runbook?

Any other precautions we need to be aware of before applying it?

Thanks!

PY

Topics
ComputeSecurity, Identity, & Compliance
Tags
Linux ProvisioningAWS Identity and Access ManagementAmazon EC2ComputeAmazon Linux
Language
English
PY
asked 4 months ago247 views
2 Answers
1

You've tagged this question with Amazon Linux so depending on the version and the region you may be able to connect to the instance using EC2 Instance Connect https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html

This would preclude the need for going down the road of using the AWSSupport-ResetAccess runbook.

Once logged in as ec2-user you can generate a new keypair, and put the public key into a fresh copy of /home/ec2-user/.ssh/authorized_keys, remembering to set the permissions correctly chmod 600 /home/ec2-user/.ssh/authorized_keys

You can also sudo su - to become the root user, and from here change the password.

profile picture
EXPERT
Steve_M
answered 4 months ago
profile picture
EXPERT
Gary Mclean
reviewed 4 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed 4 months ago
0

I agree with Riku_Kobayashi and others on the following approach. (1) use session manager if still possible (2) use user/password if there is one to login and sudo to root (3) follow through using "rescue EC2". Here is the process:

 Take a snapshot of the EC2 without access: this is to safeguard before we make any changes
 Launch a new EC2 instance (VM2) in the same zone as the EC2 without access (VM1) 
 Stop VM1
 Find root volume (say Disk1)  of VM1, note down the device path (such as /dev/sda1) and detach it
 Attach Disk1 to VM2
 Mount Disk1 as file system on VM2
 Make the adjustment on authorized_keys  (ok to recreate key pairs and place the public key in)
 Stop VM2 
 Detach Disk1 and attach into VM1 with the right device path 
 Start VM1 and now you should be able to login
 Congratulations !

Please chat with me if you have more questions.

Hongzhu Qiao
answered 4 months ago
  • PY
    3 months ago

    Thanks Hongzhu Qiao and Riku_Kobayashi. Since this is a production server, I'm trying not having to take it down. After doing more reading on other articles, I believe the account didn't have the Session Manager configured at all. I'm wondering if running through the Quick Setup for Session Manager would require the server to be down for any time at all. If it does, is it just a reboot? And that would be automatic once the quick setup is completed? I'm thinking of trying this out before attempting the process you two had recommended. Thanks!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content