ProTechGurus


April 24, 2017 by ProTechGurus

How To Connect EC2 Linux Instance If Private Key Lost

EC2 Linux instances are accessed with a private key by default. SSH is allowed, but SSH password authentication is disabled by default, so you cannot log in with a password. So what happens if you lose the private key of your Linux instance? Here are a few things you should know before proceeding:

  • You cannot recover the private key for a Linux instance if you chose Instance Store as the Root Device Type.
  • You can still connect to and access your Linux instance after losing the private key if you chose EBS Store as the Root Device Type.

Keeping these guidelines in mind, let's begin the process: how can we connect to an EC2 Linux instance if we have lost the private key?

You need to perform the following steps to connect to an EC2 Linux instance whose private key is lost:

  1. Stop the EC2 Linux Instance
  2. Detach the Root Volume
  3. Launching a new Temporary Instance
  4. Attach the Root Volume to New Instance
  5. Modify the authorized_keys File
  6. Reattach the Root Volume to the Original Instance
  7. Start and Connect the Original Instance with New Private Key

Before starting this exercise, we need to note down the following key information:

  • Instance ID, AMI ID, and Availability Zone of original Instance
  • Name of Root Device volume such as /dev/sda1
  • Volume ID of Root Volume

Stopping Original EC2 Linux Instance

  1. To stop an EC2 instance, log in to the AWS console and select the instance.
  2. Right-click the instance, select Instance State, and then select Stop.

Launching New Temporary Instance

In this task, we need to create a new EC2 instance with exactly the same settings and in the same availability zone.

  • Instance Name: Temporary
  • AMI: Same as the original instance
  • Security Group: Select the same Security Group that is attached to the original instance
  • Key pair: Create a new key pair, name it new-key-pair.pem, and store it in a safe location

Note: You may refer to this article if you face any issue while creating and launching the instance.

Detaching Root Volume from Original Instance

To detach a root volume, you need to perform the following steps:

  1. Select the Volumes section in the left pane and type the volume ID of the original instance's root volume in the search box.
  2. Select the Root Volume, click Actions, and then select Detach Volume to detach it.
  3. In the Warning message box, click Yes Detach.

Attaching Root Volume to Temporary Instance

We assume that the Root Volume you detached in the previous steps is still selected. To attach the Root Volume to the Temporary instance, perform the following steps:

  1. Click Actions and then select Attach Volume.
  2. In the Attach Volume dialog box, type the new instance name “Temporary” in the Instance name box. Alternatively, you can type the instance ID if you remember it or noted it down.
  3. Note down the new volume name and then click Attach to proceed.

Note: Make sure the new instance and the volume being attached are both in the same availability zone.


Mounting Attached Volume

To mount the attached volume, you need to perform the following steps:

  1. Select and right-click the new instance (Temporary) and open its console. We assume that the volume name was /dev/sdf.
  2. Use the lsblk command to view the partitions.
  3. Use the following commands to create a mount point named /tempvol and mount the attached volume under it.

lsblk
sudo mkdir /tempvol
sudo mount /dev/xvdf1 /tempvol

Note: The volume may appear under a different name depending on the Linux variant you use. For this demo, it shows as /dev/xvdf1.

Modifying the authorized_keys File and Updating the New Private Key

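The Temporary instance's own authorized_keys file holds the public key of the new key pair. Use the following command, run as the default user on the Temporary instance, to copy it onto the original root volume. This overwrites the original instance's authorized_keys file, so the new key pair becomes the one that can access the original instance:

cp ~/.ssh/authorized_keys /tempvol/home/ubuntu/.ssh/authorized_keys

If the above command fails, you may need to add write permission on the /home/user/.ssh directory.

Note: The user name may vary depending on the instance variant. For example, ubuntu for Ubuntu Linux and ec2-user for Amazon Linux.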
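The key-replacement step above as a shell function, given here as an added example that is not part of the original article: it keeps a backup of the old authorized_keys, refuses a file that is not a public key (such as the .pem private key), and leaves the ownership and modes that sshd's StrictModes check expects. The function name install_rescue_key and its arguments are assumptions; GNU stat is assumed, and on the real volume it would be run with sudo.

```shell
#!/bin/sh
# Added example: install a new public key on a rescued root volume.
# Assumptions: the volume is mounted at MOUNT (for example /tempvol)
# and GNU stat is available. Names here are illustrative.

# install_rescue_key MOUNT USER PUBKEY_FILE
# Replaces USER's authorized_keys on the mounted volume with PUBKEY_FILE.
install_rescue_key() {
    mount_dir=$1; user=$2; pubkey=$3
    home_dir="$mount_dir/home/$user"
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Refuse to run if the volume is not mounted where expected.
    [ -d "$home_dir" ] || { echo "no home for $user under $mount_dir" >&2; return 1; }

    # Reject a file with no OpenSSH public key line (common key types only);
    # this also stops a private key from being copied onto the volume.
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey" \
        || { echo "$pubkey is not an OpenSSH public key" >&2; return 1; }

    # Take ownership from the numeric uid:gid stored on the volume, because
    # user names on the temporary instance may map to different ids.
    owner=$(stat -c '%u:%g' "$home_dir") || return 1

    mkdir -p "$ssh_dir" || return 1
    # Keep the old file so the keys that previously had access can be reviewed.
    if [ -f "$auth" ]; then cp -p "$auth" "$auth.bak" || return 1; fi
    cp "$pubkey" "$auth" || return 1

    # sshd ignores authorized_keys when it or .ssh is group/world writable
    # or owned by another user, so reset both explicitly.
    chown "$owner" "$ssh_dir" "$auth" || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}
```

For the setup in this article the call would be: sudo sh -c '. ./rescue.sh; install_rescue_key /tempvol ubuntu /home/ubuntu/.ssh/authorized_keys', where rescue.sh is a hypothetical file holding the function.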

Next, unmount the attached volume using the following command:

sudo umount /tempvol


Detaching Volume From Temporary Instance and Reattaching With the Original Instance

  1. Go to the Volumes section, select the root volume (of the original instance), click Actions, and select Detach Volume.
  2. Once the volume is detached, click Actions again and select Attach Volume.
  3. In the Attach Volume window, type the original instance name or ID, change the volume name to /dev/sda1, and then click Attach.

Connect EC2 Linux Instance (Original Instance) With New Private Key

You have now done all the necessary tasks to recover from the lost key pair. You can connect to the original instance with the newly created private key. To do this, start the original instance and connect to it with the key pair you created for the Temporary instance, which in our case is new-key-pair.pem.

You should now be able to connect to and access the EC2 Linux instance.


That’s all you need to do to connect to an EC2 Linux instance if the private key is lost. We hope this article has helped and that you loved it. Please provide your valuable feedback to improve the article quality.
