AWS: add a new key to an EC2 instance when the key is lost

Access to Amazon EC2 instances, especially Linux instances, is always protected by a key pair. The private key is the only way to get access to the instance.

Launch New Instance
We need to start one instance with a key pair that we can access; we will use this instance to recover the old EBS volume. The new instance must be created in the same Availability Zone as the original instance.

Now we will launch the new instance using the Launch Instance wizard. Make sure the instance is launched in the same AZ as the original instance.

Before the instance is actually launched, the wizard shows the key pair section; there we will create and download a new key pair, and then launch the instance.

When the new instance is ready, we will detach the volume of the original instance and attach it to the new instance. To do that we need to stop the original instance: right-click on the instance, go to Instance State, and choose the Stop option.

Detach Volume
When the instance is stopped, we go to the Volumes section in the EC2 console. Here we will look for the root volume of the original instance, using the Attachment Information column. This column shows which instance the volume is attached to and its device path; usually the root drive path is /dev/sda1. Now we will detach the volume from the original instance: right-click on the volume and choose the Detach Volume option.

Attach Volume
Once the volume is detached, we need to attach it to the recovery instance. Right-click on the volume and choose the Attach Volume option; in the dialog, select the recovery instance and set the device path to /dev/xvdf (or /dev/sdf).

Once the volume is attached to the recovery instance, we are ready to mount it on that instance. We can access the instance using the key pair generated during the instance launch. To access the instance, use the commands below.

Setting the right permissions for the .pem file
#chmod 600 NewKeyPair.pem

Connecting to the instance using the new private key (.pem file)
#ssh -i NewKeyPair.pem ubuntu@public_ip

Copy Key
Once you are connected to the instance, mount the attached volume and copy the authorized_keys file from the new instance to the same location on the mounted drive. Use the commands below to mount the volume and copy the file.

Becoming root
#sudo -i

Creating the mount point
#mkdir /mnt/original

Mounting the volume
#mount /dev/xvdf /mnt/original

Replace the authorized_keys file with the new one. Access to the old instance will now be possible only with the new .pem file. The path and file name depend on the Linux flavor you are using.
#cat /home/ubuntu/.ssh/authorized_keys > /mnt/original/home/ubuntu/.ssh/authorized_keys
#umount /mnt/original/

Once we are done copying the keys, we will detach the volume from the recovery instance by right-clicking on the volume and choosing the Detach Volume option, as we did earlier. After that, we will re-attach it to the original instance. When re-attaching, make sure the volume is on the root path, so enter /dev/sda1 in the device path option.
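
The Copy Key step above, written as a shell function to run as root on the recovery instance in place of the cat line and before umount. This is an added example, not part of the original post; the function name install_recovery_key and its arguments are hypothetical. It goes beyond the one-line copy by keeping a backup of the old file, refusing to write through symlinks on the mounted volume, and resetting ownership and permissions so sshd accepts the file.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); names are hypothetical.
# install_recovery_key SRC_KEYS MOUNT_ROOT USER
#   SRC_KEYS   authorized_keys on the recovery instance (holds the new public key)
#   MOUNT_ROOT where the original root volume is mounted, e.g. /mnt/original
#   USER       login user on the original instance, e.g. ubuntu
install_recovery_key() {
    local src="$1" root="${2%/}" user="$3"
    local ssh_dir="$root/home/$user/.ssh"
    local dest="$ssh_dir/authorized_keys"

    [ -s "$src" ] || { echo "source key file missing or empty: $src" >&2; return 2; }
    [ -d "$ssh_dir" ] || { echo "no .ssh directory at $ssh_dir" >&2; return 3; }
    # As root, a symlink on the mounted volume would be followed on THIS host.
    if [ -L "$ssh_dir" ] || [ -L "$dest" ]; then
        echo "refusing to write through a symlink under $ssh_dir" >&2; return 4
    fi

    # Keep the previous file for later review; cp -p preserves owner, mode, times.
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)" || return 5
    fi

    # Same operation as the post: overwrite the contents in place.
    cat "$src" > "$dest" || return 6

    # Match the owner of the .ssh directory on the original volume (numeric
    # uid:gid, because names may map differently on the recovery instance).
    set -- $(ls -ldn "$ssh_dir")
    chown "$3:$4" "$dest" || return 7
    # sshd (StrictModes) rejects key files with loose permissions.
    chmod 700 "$ssh_dir" && chmod 600 "$dest" || return 8

    cmp -s "$src" "$dest"   # final status: 0 only if the copy is byte-identical
}
```

With the paths used in this post, the call would be: install_recovery_key /home/ubuntu/.ssh/authorized_keys /mnt/original ubuntu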



