AWS, Cloud Computing

4 Mins Read

3 Approaches for Recovering a Linux Instance Key Pair

Voiced by Amazon Polly


Key-Pairs are safe login credentials for your virtual machines. You can utilize Key-Pairs, which come with a Public Key and a Private Key, to connect to the instances. The Key-Pairs are password-protected login credentials for the Virtual Machines used to verify our identity while connecting the Amazon EC2 instances.

A key pair is created when we launch any EC2 instance in AWS and is used to SSH into the instance. If we lose the Key pair, we cannot SSH into that instance.

In this blog, we’ll go over three approaches. Any Linux instance can be recovered if the key pair is lost using the methods listed below.

Method 1 - EC2 Instance Connect

When you use EC2 Instance Connect to an instance, the Instance Connect API publishes a single-use SSH public key to the instance’s metadata, which stays for 60 seconds.

Security is increased because, after 60 seconds, we cannot locate the key on the server. When connecting to your instances using Secure Shell, Amazon EC2 Instance Connect provides a quick and safe option (SSH).

The Following Steps are required to connect to the instance by EC2 Instance Connect:

Step 1 – Go to the EC2 service in AWS Console, select the instance, and click on connect.

Step 2 – Select the EC2 Instance Connect Tab and click on Connect.


Step 3 – A new tab will open, and when it does, we will see a command prompt showing that we have successfully logged into the instance.


Customized Cloud Solutions to Drive your Business Success

  • Cloud Migration
  • Devops
  • AIML & IoT
Know More

Method 2 - Volume Exchange

The root volume of each instance contains the authorized key. This key is used to authorize SSH connections to instances when we attempt to do so. It is kept in “/home/ec2-user/.ssh/authorized keys” in the Linux AMI.

We must swap out the previously authorized key for the new authorized key to recover the instance. So that we can use a new Key Pair to SSH into the instance.

Step 1 – Stop the instance whose key pair was lost, then detach the associated volume.


Step 2 – Launch a new instance in the same region and create a new key pair for this instance.

Step 3 – Attach the Old volume to the newly launched instance.



Step 4 – SSH into the newly launched instance.

Step 5 – Run the following command to mount the old volume into this new instance.

Step 6 – To copy this new instance’s authorized key to the old instance’s volume, run the following command.

Step 7 – Use the following command to unmount the previous volume for this instance.

Step 8 – After that, detach the old volume from the new instance and reattach this volume to the previous one (old instance), giving the device the name “/dev/xvda”.


Step 9 – Start the old instance. Once the old instance runs, we may SSH into it using the newly created key pair for the new instance.

Method 3 - Create AMI and launch another Instance

An instance launch requires the information contained in an Amazon Machine Image (AMI), a supported and maintained image offered by AWS. When launching an instance, you must provide an AMI. When several instances with the same configuration are needed, you can launch them all from a single AMI. When launching instances, you can choose from various AMIs depending on the configuration of the instances you need.

The following steps are required to build an AMI of an already-launched instance and launch a new instance using that AMI:

Step 1 – Stop the instance, choose it, and select Actions -> Image and Templates -> Create Image


Step 2 – Enter the Image name and click on Create Image.


Step 3 – Go to the AMI section, choose the currently created AMI image, and click “Launch Instance from AMI.”


Step 4 – Launch the Instance with the required configuration and create a new key pair for this instance.

Step 5 – The root volume’s configuration and contents are copied to this newly launched instance. Consequently, we may terminate the old instance and use this one with the new key pair.


This blog covered three simple ways to restore the Linux instance if the Key Pair is lost. There are numerous additional methods for connecting to an instance without Key Pair (PEM file), including turning on password authentication in the instance so that users can log in using their password and SSM session manager.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

CloudThat is also the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Drop a query if you have any questions regarding Amazon EC2, Key Pair and I will get back to you quickly.

To get started, go through our Consultancy page and Managed Services Package that is CloudThat’s offerings.


1. If I lose the Key Pair, can I download it via the AWS Console?

ANS: – No, it is available for download from the AWS console at the moment of creation.

2. How many Key pairs can we create in any region?

ANS: – We can create a maximum of 5000 Key Pairs per region.

WRITTEN BY Rohit Lovanshi

Rohit Lovanshi works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is AWS Developer Associate certified. He has a positive attitude and works effectively in a team. He loves learning about new technology and trying out different approaches to problem-solving.



    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!