Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

On Amazon EC2 is it possible to reassign a keypair to an already running instance?

Tags:

amazon-ec2

On Amazon EC2 is it possible to reassign a keypair to an already running instance?

I am having problem with a particular keypair and am wondering if there is a way to fix it by reassign it.

Thanks

like image 634
Josh Scott Avatar asked Feb 02 '10 03:02

Josh Scott

3 Answers

The best solution we have been able to come up with is to create an AMI from the running instance and launch a new instance from that AMI using the new key pair.

Every instance we launch is based on a custom AMI that we maintain for this and many other reasons.

I'm interested to hear if anyone has a better approach.

like image 125
Eric J. Avatar answered Oct 17 '22 13:10

Eric J.

Probably ... just guessing based on what I've done in a few instances:

  1. Log into the instance with ssh. If that's the problem, you're pretty much stuck
  2. SFTP the public key from the new pair and put it in place in the .ssh authorized keys
  3. Restart the sshd

Now, try accessing with the private key that matches the public one you put in place.

But I fear the problem you have is getting in when the pair AWS put in place has gone bad. No help there.

like image 22
user473682 Avatar answered Oct 17 '22 15:10

user473682

If you are using a linux server you can detach the disk and mount them on another instance to work out what the problem is.

First shut down the problem server. Make a note of the device name (probably /dev/sda1) and detach the disk.

Then create a new instance (lets call it the rescue instance) using a new key pair, and attach the disk you detached as additional disk (don't replace the rescue instance's disk).

Then login with ssh to the rescue instance and mount the disk. In the main user account in the newly mounted disks home folder there is a folder named .ssh with a file authorized_keys (/mnt/home/ubuntu/.ssh/authorized_keys for example).

The authorized_keys file can contain multiple public keys each on it's own line. Check the permissions on the .ssh folder and the parent folder, both should only allow write for the owner only. Read permission is required for group and world I think. Any private keys in .ssh should have permission 600 (user read and write only).

This contains the public key from the original key pair. Replace this with your new public key (or add a new line with the new public key) and then shutdown the rescue instance, detach the disk and attach it to the problem instance with the original device name (probably /dev/sda1).

Boot up and you should be able to login using the private key from the new key pair.

like image 25
David Woakes Avatar answered Oct 17 '22 15:10

David Woakes
Sign in to Comment

Related questions

Why do I get "Your account does not support the EC2-Classic Platform in this region."?
How to know a EC2 instance is EC2 Classic or EC2 VPC instance?
I can't connect from the outside to the mongo-express
How to Install SSL on AWS EC2 WordPress Site
UserData script with Resource Attribute CloudFormation
Mongodb /var/log/mongodb/mongod.log prevents mongod from starting
Install unixODBC >= 2.3.1 on Linux Redhat/CentOS for msodbcsql17
AWS Lambda issue with psycopg2
MLflow Artifacts Storing But Not Listing In UI
AWS S3 CLI - Connection was closed before we received a valid response from endpoint
EC2 instance scheduler [closed]
Trouble cloning a git repository from an EC2 instance
How do I track public bandwidth usage on EC2 instances or Elastic IP’s?
Getting state of EC2 instance Java API
rubber - SecurityGroupLimitExceeded exceeded the number of VPC
do I need route53 to bind domain to ec2?
How can I install a recent version of GDAL on Amazon Linux?
EC2 Instance scheduled for retirement
What is the "fully qualified name of my Amazon EC2 instance"
User: x is not authorized to perform: (sts:DecodeAuthorizationMessage)`

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!