On Amazon EC2 is it possible to reassign a keypair to an already running instance?

Question

On Amazon EC2 is it possible to reassign a keypair to an already running instance?

I am having problem with a particular keypair and am wondering if there is a way t

Answer 1

If you are using a linux server you can detach the disk and mount them on another instance to work out what the problem is.

First shut down the problem server. Make a note of the device name (probably /dev/sda1) and detach the disk.

Then create a new instance (lets call it the rescue instance) using a new key pair, and attach the disk you detached as additional disk (don't replace the rescue instance's disk).

Then login with ssh to the rescue instance and mount the disk. In the main user account in the newly mounted disks home folder there is a folder named .ssh with a file authorized_keys (/mnt/home/ubuntu/.ssh/authorized_keys for example).

The authorized_keys file can contain multiple public keys each on it's own line. Check the permissions on the .ssh folder and the parent folder, both should only allow write for the owner only. Read permission is required for group and world I think. Any private keys in .ssh should have permission 600 (user read and write only).

This contains the public key from the original key pair. Replace this with your new public key (or add a new line with the new public key) and then shutdown the rescue instance, detach the disk and attach it to the problem instance with the original device name (probably /dev/sda1).

Boot up and you should be able to login using the private key from the new key pair.