So today I’m going to cover the scenario of recovering access to an AWS instance when the .pem file for the instance is lost because the old SysAdmin has resigned. Some of us, if not all, have faced this issue.
This post highlights the steps needed to recover access to your AWS EC2 instance after losing or misplacing your SSH .pem key-pair file.
What is a key-pair file?
If you are asking yourself this, then maybe this post is not the right one for you. However, a key pair is a combination of a public key and a private key. Amazon EC2 uses public-key cryptography to encrypt and decrypt login information.
Very often people lose access to their AWS EC2 instances. This can happen for many different reasons, such as switching to a new computer, losing one’s files, becoming responsible for someone else’s AWS deployments, and much more. When this happens, there is a need to recover access to these instances.
How to Recover a Lost EC2 Key Pair
We will need a new instance to regain access to our lost instance. Let’s call this new instance the helper instance and the lost instance the recovery instance.
Please follow these steps:
- Every instance has a volume attached to it which holds all the user data, so we first need to stop the recovery instance. This can be done either from the AWS Management Console or with the AWS CLI. Make sure you stop, and do not terminate, your recovery instance.
- Once the recovery instance is stopped, detach the volume attached to it. Once detached, the volume will show as available.
- We now need to attach this volume to our helper instance. Since our helper instance already has a root volume (/dev/sda1), our newly attached volume will be secondary (/dev/xvdf1). One thing to note is that our helper instance must be in the same availability zone as the lost instance; otherwise the volume of the lost instance cannot be attached to the helper instance.
- Mount the newly attached volume on the helper instance. We can do this with the following commands, run as root (the mount point has to exist first, and if the device does not show up under this name, check the output of lsblk):
sudo mkdir -p /mount
sudo mount /dev/xvdf1 /mount
This will mount our volume at the /mount folder.
- Now we need to copy the authorized_keys file from the .ssh folder of our helper instance to the .ssh folder on the mounted volume. This will allow the .pem file of the helper instance to log in to the recovery instance. Make sure the copied file is owned by the login user (or root) and is not group- or world-writable, otherwise sshd will ignore it.
sudo cp ~/.ssh/authorized_keys /mount/home/ubuntu/.ssh/
- Unmount the attached volume from the helper instance.
- Detach the volume from the helper instance and reattach it to the recovery instance. Make sure you attach the volume as /dev/sda1, since the recovery instance does not have any root volume attached to it yet; the volume has to be attached at /dev/sda1 as shown in the image below.
- Use the .pem file of the helper instance to log in to the recovery instance.
- Stop and terminate the helper instance.
- This will reset the login access to the recovery instance.
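The authorized_keys step above is where recoveries most often go wrong: the .ssh folder may be missing on the old volume, a typo in the user name silently creates a folder sshd never reads, and the file ownership has to match the user on the recovered volume rather than on the helper. The script below is an added example (not part of the original post) that performs that step with those checks; it assumes the volume is mounted at /mount, the login user is ubuntu, and the helper's public key is in a one-line file, and it must be run as root on the helper instance.

```shell
#!/bin/sh
# Added example: install the helper instance's public key into the
# authorized_keys of a user on the recovered root volume, with the
# ownership and permissions sshd's StrictModes check requires.
# Usage: install_recovery_key <mounted_root> <login_user> <pubkey_file>
set -eu

install_recovery_key() {
    root="$1"; user="$2"; pubkey="$3"
    home="$root/home/$user"
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"

    # The home directory must already exist on the recovered volume; a
    # typo in the user name would otherwise create a directory sshd
    # never reads and the login would still fail.
    [ -d "$home" ] || { echo "no home dir for $user under $root" >&2; return 1; }

    # Take exactly one key line and make sure it looks like an OpenSSH key.
    key=$(head -n 1 "$pubkey")
    case "$key" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "$pubkey does not hold an OpenSSH public key" >&2; return 1 ;;
    esac

    mkdir -p "$sshdir"
    touch "$authfile"
    # Append rather than overwrite, so keys that already belong to the
    # instance survive; skip the append if this key is already present.
    if ! grep -qxF "$key" "$authfile"; then
        printf '%s\n' "$key" >> "$authfile"
    fi

    # Ownership must match the user on the recovered volume (its uid may
    # differ from the helper's), so copy it from that home directory.
    chown --reference="$home" "$sshdir" "$authfile"
    chmod 700 "$sshdir"
    chmod 600 "$authfile"

    # Return the number of keys now authorized for the user.
    grep -c . "$authfile"
}

# Run directly: install_recovery_key.sh /mount ubuntu ~/.ssh/id_ed25519.pub
if [ "$#" -eq 3 ]; then
    install_recovery_key "$@"
fi
```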
You can stop or delete the newly created helper instance to avoid accumulating additional AWS charges for an unused instance.
Please let me know in the comments if this has been helpful to you or if you encounter any challenges with this process, and I will be happy to offer the needed assistance.