Overview
Key pairs are the login credentials for your virtual machines. A key pair consists of a public key, which AWS places on the instance, and a private key, which you keep and use to connect to the instance. Key pairs are the credentials Amazon EC2 uses to verify your identity when you connect to an instance over SSH.
A key pair is chosen or created when you launch an EC2 instance, and its private key is what you use to SSH into the instance. If the private key is lost, you can no longer SSH into that instance with it.
In this blog, we go over three approaches. Any Linux instance whose key pair has been lost can be recovered using the methods listed below.
Method 1 - EC2 Instance Connect
When you connect to an instance with EC2 Instance Connect, the Instance Connect API pushes a one-time SSH public key to the instance metadata, where it remains for 60 seconds.
Security is improved because, after those 60 seconds, the key is no longer present on the server, so no long-lived credential is left behind. Amazon EC2 Instance Connect is therefore a quick and safe way to reach your instances over Secure Shell (SSH). It works only when the instance's AMI includes the EC2 Instance Connect agent (Amazon Linux 2 and recent Ubuntu AMIs ship it), the caller has the ec2-instance-connect:SendSSHPublicKey IAM permission, and the instance's security group allows inbound SSH.
The following steps connect to the instance with EC2 Instance Connect:
Step 1 – Go to the EC2 service in AWS Console, select the instance, and click on connect.
Step 2 – Select the EC2 Instance Connect Tab and click on Connect.
Step 3 – A new browser tab opens with a shell prompt, showing that we have logged into the instance.
Method 2 - Volume Exchange
The root volume of each instance contains the authorized_keys file, which lists the public keys allowed to open SSH sessions to the instance. On the Amazon Linux AMI it is kept at “/home/ec2-user/.ssh/authorized_keys”.
To recover the instance, we add a new public key to that file (and, since the lost private key may no longer be under our control, remove the old one), so that a new key pair can be used to SSH into the instance.
Step 1 – Stop the instance whose key pair was lost, then detach the associated volume.
Step 2 – Launch a new instance in the same region and create a new key pair for this instance.
Step 3 – Attach the Old volume to the newly launched instance.
Step 4 – SSH into the newly launched instance.
Step 5 – Run the following command to mount the old volume into this new instance.
sudo mount -o rw,nouuid /dev/xvdf1 /mnt
The device name depends on the instance type: on Nitro-based instances the attached volume appears as an NVMe device (for example /dev/nvme1n1p1) rather than /dev/xvdf1, so check with lsblk before mounting. The nouuid option is specific to XFS (the root filesystem of Amazon Linux 2) and is needed because both volumes were created from the same AMI and share a filesystem UUID; omit it for an ext4 root volume.
Step 6 – To copy this new instance’s authorized key to the old instance’s volume, run the following command.
cat /home/ec2-user/.ssh/authorized_keys >> /mnt/home/ec2-user/.ssh/authorized_keys
Note that this appends: the public half of the lost key pair stays in the file and will still be accepted by sshd. If there is any chance the lost private key was exposed, edit /mnt/home/ec2-user/.ssh/authorized_keys and delete that line, and make sure the file keeps mode 600 and is owned by ec2-user.
Step 7 – Use the following command to unmount the old volume from this instance.
sudo umount /mnt
Step 8 – Detach the old volume from the new instance and reattach it to the old instance, giving it the device name “/dev/xvda” (the root device name).
Step 9 – Start the old instance. Once it is running, we can SSH into it using the key pair created for the new instance.
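Steps 5 to 7 edit authorized_keys on the mounted volume by hand. The script below is an added example, not part of the original post: a POSIX sh function that performs the same transplant but also keeps a backup, adds the new key only once (so re-running it is harmless), optionally removes the public key whose private half was lost, and sets the ownership and permissions sshd's StrictModes expects. The names transplant_key, count_key, the mount point argument and the sample keys are all assumptions made for the example; the old volume is assumed to be already mounted at the given path, as in Step 5.

```shell
#!/bin/sh
# Transplant a new SSH public key into authorized_keys on a mounted root volume
# (the "volume exchange" recovery). Example code, not from the original post.
#   * a timestamped backup of the file is kept alongside it
#   * the new key is added exactly once, even if the script is re-run
#   * an optional old key (the one whose private half was lost) is removed
#   * ownership and permissions are set to what sshd's StrictModes requires
# Limitation: keys are matched on "type base64" only, so lines that carry
# authorized_keys options (e.g. "no-pty ssh-ed25519 ...") are not matched.
set -eu

# Usage: transplant_key <mountpoint> <new public key line> [old public key line] [os user]
transplant_key() {
    mount_point=$1
    new_key=$2
    old_key=${3:-}
    os_user=${4:-ec2-user}

    home_dir="$mount_point/home/$os_user"
    ssh_dir="$home_dir/.ssh"
    ak="$ssh_dir/authorized_keys"

    # A wrong mount point or device name would otherwise create a stray file
    # on the recovery instance instead of fixing the old volume.
    [ -d "$home_dir" ] || { echo "no home directory at $home_dir" >&2; return 1; }

    mkdir -p "$ssh_dir"
    [ -f "$ak" ] || : > "$ak"
    cp -p "$ak" "$ak.bak.$(date +%Y%m%d%H%M%S)"

    # Compare on key material (type + base64) and ignore the trailing comment,
    # so a key that was merely re-commented is still recognised.
    new_material=$(printf '%s\n' "$new_key" | awk '{print $1" "$2}')
    old_material=""
    [ -n "$old_key" ] && old_material=$(printf '%s\n' "$old_key" | awk '{print $1" "$2}')

    tmp="$ak.tmp.$$"
    : > "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        material=$(printf '%s\n' "$line" | awk '{print $1" "$2}')
        # Drop the lost key: a private key you no longer control must not keep access.
        if [ -n "$old_material" ] && [ "$material" = "$old_material" ]; then
            continue
        fi
        # Drop any existing copy of the new key; it is re-added once below.
        if [ "$material" = "$new_material" ]; then
            continue
        fi
        printf '%s\n' "$line" >> "$tmp"
    done < "$ak"
    printf '%s\n' "$new_key" >> "$tmp"
    mv "$tmp" "$ak"

    # sshd refuses keys in group/world-writable paths, and the file must belong
    # to the user on the old volume. The name is resolved only if it exists on
    # this host; on a recovery instance ec2-user normally shares uid 1000 with
    # the old volume, so the numeric owner matches.
    chmod 700 "$ssh_dir"
    chmod 600 "$ak"
    if id "$os_user" >/dev/null 2>&1; then
        chown -R "$os_user" "$ssh_dir"
    fi
}

# How many lines in <file> carry the key material of <key>; used for verification.
count_key() {
    file=$1
    key=$2
    material=$(printf '%s\n' "$key" | awk '{print $1" "$2}')
    awk -v m="$material" '($1" "$2)==m' "$file" | wc -l | tr -d ' '
}
```

On the recovery instance, after Step 5, a typical call is `sudo sh transplant.sh` with `transplant_key /mnt "$(cat ~/.ssh/authorized_keys)" "<lost public key line>"`, followed by Step 7's unmount. Passing the lost key's public line is what turns the recovery into a rotation rather than just an addition.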
Method 3 - Create AMI and launch another Instance
An Amazon Machine Image (AMI) contains the information required to launch an instance; AWS supplies and maintains a set of standard AMIs, and you can build your own. You must specify an AMI when launching an instance. When several instances with the same configuration are needed, you can launch them all from a single AMI, and you can choose among AMIs depending on the configuration you need.
The following steps build an AMI from an already-launched instance and launch a new instance from that AMI:
Step 1 – Stop the instance, choose it, and select Actions -> Image and Templates -> Create Image
Step 2 – Enter the Image name and click on Create Image.
Step 3 – Go to the AMI section, choose the currently created AMI image, and click “Launch Instance from AMI.”
Step 4 – Launch the Instance with the required configuration and create a new key pair for this instance.
Step 5 – The root volume’s configuration and contents are copied to the newly launched instance, and on first boot the new key pair is added to authorized_keys. We can then terminate the old instance and use this one with the new key pair. Because the copied root volume still carries the lost key pair’s public key in /home/ec2-user/.ssh/authorized_keys, remove that line on the new instance so the lost private key no longer grants access.
Conclusion
This blog covered three simple ways to regain access to a Linux instance when its key pair is lost. There are other ways to connect to an instance without the key pair (PEM file), including enabling password authentication on the instance so that users can log in with a password, and AWS Systems Manager Session Manager.
FAQs
1. If I lose the key pair, can I download it again from the AWS Console?
ANS: No. The private key can be downloaded from the AWS Console only once, at the moment of creation.
2. How many key pairs can we create in a region?
ANS: We can create a maximum of 5000 key pairs per region.

WRITTEN BY Rohit Lovanshi
Rohit Lovanshi works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is AWS Developer Associate certified. He has a positive attitude and works effectively in a team. He loves learning about new technology and trying out different approaches to problem-solving.