Ec2 Instance Download Key Pair Again
How To Recover Access To Your AWS Instance After Losing Your KeyPair
OVERVIEW
This post highlights the steps needed to recover access to your AWS EC2 instance after losing or misplacing your ssh .pem key-pair file.
What is a key-pair file?
If you are asking yourself this, then perhaps this post is not the right one for you. Even so, a key-pair is a combination of a public and private key. Amazon EC2 uses public-key cryptography to encrypt and decrypt login information.
Very often people lose access to their AWS EC2 instances. This can happen for many different reasons such as switching to a new computer, losing one's files, becoming responsible for someone else's AWS deployments and much more. When this happens, there is a need to recover access to these instances.
Below is a summary of the steps required and covered in this post to recover access to your EC2 instance after losing your key-pair:
- Gather config details of the original (target) instance.
- Power off the original (target) EC2 instance to which you want to regain access.
- Launch a new (recovery) instance and generate a new key-pair
- Log in via ssh to the new recovery instance
- Detach the primary EBS volume from the original (target) instance (taking note of its current attachment)
- Attach/mount the previously detached volume to the new (recovery) instance
- Copy authorized keys from the recovery instance to the mounted (target) volume
- Unmount the target volume from the recovery instance and reattach it to the original (target) instance using the configs noted earlier
- Start the original (target) instance and log in with the new key-pair
- Delete the temporary (recovery) instance
Disclaimer: This process requires a stop and start of your AWS instance, so it can only be done on an EBS-backed instance. It is not possible to do this process on store-backed instances. (If you are unsure of your instance type, see below.)
To view your instance root device type:
Log in to your EC2 Dashboard -> click on Instances -> select the target instance -> in the properties pane, locate 'Root device type'. If this value is set to 'ebs', then you have an EBS-backed instance and can proceed :)
Pre-requisite
Note down on a piece of paper the following details about the instance you would like to regain access to (all details are found in the instance properties pane).
- security group, availability zone e.g. (us-w-1b), root device type e.g. (ebs), root device e.g. /dev/xvda
Next, we create a new instance with a similar configuration to the instance we would like to gain access to.
In this post, variables are written in between curly braces e.g. {variable_name}. Replace these with your own values.
Launch New Recovery Instance
Select the 'Launch Instance' button on the instance view page of your EC2 dashboard
Select an Amazon Machine Image (AMI) template
- In the next screen that shows, select an instance type. t2 nano or t2 micro is recommended as this is faster to set up. Click 'Next' to continue
- Next, select the correct availability zone as noted down before (this should be the same as the availability zone of the instance you would like to regain access to) and click 'Next'
- Leave the storage option as default on the next screen and select 'Next' again.
- On the next screen 'Add Tags', add a tag for the new instance called 'RecoverInstance'. This will make it easier to identify this new instance later. Click 'Next'
- Select a security group for the new instance. Click 'Review and Launch'
- A preview is shown of the instance to be created. Click on 'Launch'
- Now, it's time to create a new key-pair. Select 'Create New Key-pair' on the popup modal, enter a name for the new key-pair and click download. (This will be the key-pair we will use to access the target instance)
- Next click 'Launch Instance' to launch the new instance.
Once the newly created instance is running, connect to the instance using your terminal and the newly generated key-pair as follows
ssh -i {keypair-file-location}.pem {username}@{new-recovery-instance-public-ip/dns}
e.g. ssh -i ~/keys/myKeypair.pem ubuntu@ec2-public-dns-ip
assuming my key-pair is saved in the keys folder of my home directory and my default username for the instance is 'ubuntu'.
Note: the username depends on the type of instance you launched earlier.
If you get a 'bad permission' message, set the permission of the key-pair to read only e.g. chmod 0400 {key-pair-file-location}
- Once logged in successfully, return to the EC2 management console (web), select the original instance whose lost key you would like to replace and select 'Stop'.
- Note: if you do not have an Elastic IP, your IP address will change when you restart the instance.
- Once the instance state changes to 'stopped', select the instance again, and on the instance properties pane, click on the root device and then click on the volume id.
From the volume details page,
Select 'Actions' -> 'Detach Volume' to detach the volume from the instance.
Wait for the volume state to change to 'Available'
Now select 'Actions' -> 'Attach Volume' and in the popup dialog, select the new instance you just created.
The above procedure detaches the volume of the target instance we would like to gain access to and attaches it to the newly created recovery instance.
Wait for the volume state to change back to 'In use'
Now, go back to the ssh session established earlier in the terminal.
Run the commands below
lsblk -f #to view all block devices attached to the instance. you will now notice the new volume is displayed but not mounted yet.
- Next, create a temporary mount directory as follows and mount the volume
sudo mkdir /mnt/tempvol #this creates a temporary mount directory
sudo mount /dev/xvdf1 /mnt/tempvol #this mounts the volume on the temporary mount directory
lsblk -f #now you will see the new volume mounted at /mnt/tempvol
Next, we copy the authorized keys file from our new instance to the mounted volume.
Use the following commands
cp .ssh/authorized_keys /mnt/tempvol/home/ubuntu/.ssh #copy keys to tempvol assuming the default user for our instance is ubuntu
ls -lah /mnt/tempvol/home/ubuntu/.ssh #lists contents of the .ssh directory
sudo umount /mnt/tempvol #unmounts the temporary volume
Now the block device is unmounted. You can use 'lsblk -f' to confirm
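A more careful version of the key-copy step above, as an added example that is not part of the original post: it appends the recovery key to the target's authorized_keys instead of overwriting it, refuses to write through symlinks on the mounted volume, and restores the ownership and modes sshd expects. The function name install_recovery_key is hypothetical, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat, as on Ubuntu.
# Usage, as root on the recovery instance with the target volume still mounted:
#   install_recovery_key /home/ubuntu/.ssh/authorized_keys /mnt/tempvol/home/ubuntu
# Prints the number of keys appended.
install_recovery_key() {
    pubkey_file=$1
    target_home=$2
    ssh_dir="$target_home/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    [ -d "$target_home" ] || { echo "no such directory: $target_home" >&2; return 1; }

    # A symlink on the mounted volume would be resolved against the recovery
    # instance's own filesystem, so refuse to write through one.
    if [ -L "$ssh_dir" ] || [ -L "$auth_file" ]; then
        echo "refusing to follow symlink under $target_home" >&2
        return 1
    fi

    # Numeric owner of the target user's home on the mounted volume; it can
    # differ from the uid of the user logged in to the recovery instance.
    owner=$(stat -c '%u:%g' "$target_home")

    mkdir -p "$ssh_dir"
    touch "$auth_file"

    # Terminate an unterminated last line so the new key starts on its own line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '' | '#'*) continue ;; esac
        if ! grep -qxF -- "$line" "$auth_file"; then
            printf '%s\n' "$line" >> "$auth_file"
            added=$((added + 1))
        fi
    done < "$pubkey_file"

    # Ownership and modes that sshd's StrictModes check accepts.
    chown "$owner" "$ssh_dir" "$auth_file"
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"
    echo "$added"
}
```

Run it before the umount step; the keys that were already on the target volume stay in place, so they can be reviewed and pruned after access is restored.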
Next, we need to detach the volume from the recovery instance using the EC2 console and reattach it to the original instance.
- Return to the EC2 console and ensure the volume is selected,
Select 'Actions' -> 'Detach Volume'
Wait for the volume state to change to 'Available'
Next, we attach the volume back to its original instance
Select 'Actions' -> 'Attach Volume'
On the popup, select the original instance name and set the device root path back to the same one noted down earlier, e.g. /dev/sda1 or /dev/sdf
Next, proceed to click 'Attach'
Finally, return to the instances view page on EC2,
Select the original instance -> Select Actions -> Start
This starts the original instance we want to regain access to.
Wait for the instance state to change to 'running'.
Now, try to connect to the instance from the terminal using the key-pair created earlier as follows and it should be accessible.
ssh -i {keypair-file-location}.pem {username}@{original-instance-public-ip/dns}
e.g. ssh -i ~/keys/myKeypair.pem ubuntu@ec2-public-dns-ip
Congratulations!
Now you have regained access to your instance with a new key-pair.
You can stop/delete the newly created instance to avoid accumulating additional AWS charges for the unused instance.
Please let me know in the comments if this has been helpful to you or if you encounter any challenges with this process and I will be willing to offer you the needed assistance.
Till next time …
Source: https://medium.com/the-10x-dev/how-to-recover-access-login-to-your-aws-instance-after-losing-your-pem-keypair-file-e0d31bae2da4