3 Approaches for Recovering a Linux Instance Key Pair

Overview

Key pairs are secure login credentials for your virtual machines. A key pair consists of a public key and a private key, which you use to connect to your instances. Key pairs are the password-protected login credentials that verify our identity when connecting to Amazon EC2 instances.

A key pair is created when we launch any EC2 instance in AWS and is used to SSH into the instance. If we lose the key pair, we cannot SSH into that instance.

In this blog, we’ll go over three approaches. If the key pair is lost, any Linux instance can be recovered using the methods listed below.

Method 1 - EC2 Instance Connect

When you use EC2 Instance Connect to connect to an instance, the Instance Connect API publishes a single-use SSH public key to the instance’s metadata, where it stays for 60 seconds.

Security is increased because, after 60 seconds, the key can no longer be found on the server. When connecting to your instances using Secure Shell (SSH), Amazon EC2 Instance Connect provides a quick and safe option.

The following steps are required to connect to the instance with EC2 Instance Connect:

Step 1 – Go to the EC2 service in AWS Console, select the instance, and click on connect.

Step 2 – Select the EC2 Instance Connect Tab and click on Connect.

Step 3 – A new tab will open, and when it does, we will see a command prompt showing that we have successfully logged into the instance.

Method 2 - Volume Exchange

The root volume of each instance contains the authorized key. This key is used to authorize SSH connections to the instance when we attempt to connect. It is kept in “/home/ec2-user/.ssh/authorized_keys” in the Linux AMI.

To recover the instance, we must swap out the previously authorized key for a new authorized key so that we can use a new key pair to SSH into the instance.

Step 1 – Stop the instance whose key pair was lost, then detach the associated volume.

Step 2 – Launch a new instance in the same region and create a new key pair for this instance.

Step 3 – Attach the Old volume to the newly launched instance.

Step 4 – SSH into the newly launched instance.

Step 5 – Run the following command to mount the old volume into this new instance.

Step 6 – To copy this new instance’s authorized key to the old instance’s volume, run the following command.

Step 7 – Use the following command to unmount the previous volume for this instance.

Step 8 – After that, detach the old volume from the new instance and reattach this volume to the previous one (old instance), giving the device the name “/dev/xvda”.

Step 9 – Start the old instance. Once the old instance is running, we can SSH into it using the key pair created for the new instance.
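One way to carry out Steps 5 to 7 on the helper instance, as an added example that is not from the original post. The device name `/dev/xvdf1`, the mount point `/mnt/rescue`, the `ec2-user` login and both function names are assumptions; check the actual device with `lsblk` first.

```shell
#!/bin/sh
# Added example. Assumptions (not from the original post): the old root volume
# appears on the helper instance as /dev/xvdf1, /mnt/rescue is a free mount
# point, and the login user on both instances is ec2-user.
OLD_DEV=${OLD_DEV:-/dev/xvdf1}
MNT=${MNT:-/mnt/rescue}
KEY_REL=home/ec2-user/.ssh/authorized_keys

# Step 6: replace the authorized_keys file under the mounted old root ($2)
# with the helper instance's own file ($1), keeping a backup of the old one.
replace_authorized_keys() {
    src=$1
    dst=$2/$KEY_REL
    # Refuse a source file that holds no public key line
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$src" || {
        echo "no public key found in $src" >&2; return 1; }
    # A missing target means the wrong partition or a different login user
    [ -f "$dst" ] || { echo "$dst not found" >&2; return 1; }
    cp -p "$dst" "$dst.bak" || return 1
    # Overwrite in place so the file keeps the owner and mode sshd expects
    cat "$src" > "$dst"
}

# Steps 5 to 7 in order; must run as root on the helper instance.
swap_key_on_old_volume() {
    mkdir -p "$MNT" || return 1
    # If both root volumes are XFS copies from the same AMI they share a
    # filesystem UUID and the mount is refused; use "mount -o nouuid" then.
    mount "$OLD_DEV" "$MNT" || return 1
    replace_authorized_keys /home/ec2-user/.ssh/authorized_keys "$MNT"
    rc=$?
    # Always unmount before detaching the volume in Step 8
    umount "$MNT" || return 1
    return $rc
}
```

Run `swap_key_on_old_volume` as root after sourcing the file. Because the file is replaced rather than appended to, the lost key no longer grants access once the old instance is started again.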

Method 3 - Create AMI and launch another Instance

An instance launch requires the information contained in an Amazon Machine Image (AMI), a supported and maintained image offered by AWS. When launching an instance, you must provide an AMI. When several instances with the same configuration are needed, you can launch them all from a single AMI. When launching instances, you can choose from various AMIs depending on the configuration of the instances you need.

The following steps are required to build an AMI of an already-launched instance and launch a new instance using that AMI:

Step 1 – Stop the instance, choose it, and select Actions -> Image and Templates -> Create Image

Step 2 – Enter the Image name and click on Create Image.

Step 3 – Go to the AMI section, choose the newly created AMI image, and click “Launch Instance from AMI.”

Step 4 – Launch the Instance with the required configuration and create a new key pair for this instance.

Step 5 – The root volume’s configuration and contents are copied to this newly launched instance. Consequently, we may terminate the old instance and use this one with the new key pair.

Conclusion

This blog covered three simple ways to restore access to a Linux instance if the key pair is lost. There are numerous additional methods for connecting to an instance without the key pair (PEM file), including turning on password authentication on the instance so that users can log in with their password, and using SSM Session Manager.

FAQs

1. If I lose the Key Pair, can I download it via the AWS Console?

ANS: – No, it is available for download from the AWS console only at the moment of creation.

2. How many Key pairs can we create in any region?

ANS: – We can create a maximum of 5000 Key Pairs per region.

WRITTEN BY Rohit Lovanshi

Rohit Lovanshi works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is AWS Developer Associate certified. He has a positive attitude and works effectively in a team. He loves learning about new technology and trying out different approaches to problem-solving.
