发表新帖
发表新帖

On Amazon EC2 is it possible to reassign a keypair to an already running instance?

后端 未结
关注
3 974
夕颜
夕颜 2021-01-12 19:32

On Amazon EC2 is it possible to reassign a keypair to an already running instance?

I am having problem with a particular keypair and am wondering if there is a way t

相关标签:
3条回答
  • 别那么骄傲
    2021-01-12 19:40

    Probably ... just guessing based on what I've done in a few instances:

    1. Log into the instance with ssh. If that's the problem, you're pretty much stuck
    2. SFTP the public key from the new pair and put it in place in the .ssh authorized keys
    3. Restart the sshd

    Now, try accessing with the private key that matches the public one you put in place.

    But I fear the problem you have is getting in when the pair AWS put in place has gone bad. No help there.

    0 讨论(0)
  • 借酒劲吻你
    2021-01-12 19:58

    If you are using a linux server you can detach the disk and mount them on another instance to work out what the problem is.

    First shut down the problem server. Make a note of the device name (probably /dev/sda1) and detach the disk.

    Then create a new instance (lets call it the rescue instance) using a new key pair, and attach the disk you detached as additional disk (don't replace the rescue instance's disk).

    Then login with ssh to the rescue instance and mount the disk. In the main user account in the newly mounted disks home folder there is a folder named .ssh with a file authorized_keys (/mnt/home/ubuntu/.ssh/authorized_keys for example).

    The authorized_keys file can contain multiple public keys each on it's own line. Check the permissions on the .ssh folder and the parent folder, both should only allow write for the owner only. Read permission is required for group and world I think. Any private keys in .ssh should have permission 600 (user read and write only).

    This contains the public key from the original key pair. Replace this with your new public key (or add a new line with the new public key) and then shutdown the rescue instance, detach the disk and attach it to the problem instance with the original device name (probably /dev/sda1).

    Boot up and you should be able to login using the private key from the new key pair.

    0 讨论(0)
  • 盖世英雄少女心
    2021-01-12 20:04

    The best solution we have been able to come up with is to create an AMI from the running instance and launch a new instance from that AMI using the new key pair.

    Every instance we launch is based on a custom AMI that we maintain for this and many other reasons.

    I'm interested to hear if anyone has a better approach.

    0 讨论(0)
 看不清?
提交回复
热议问题