2

First off, I'm a new-born with AWS (started looking into it two days ago). My client needs a new Drupal 6 module, I have it done, all I need is to upload it and set some things up. My client gave me a username and password for Amazon, so I figured they were using AWS.

I can see the Running Instance, and I've followed Amazon documentation to add a new Key Pair and also add a custom IP rule for SSH access. Problem is, when I try to connect via ssh with a very simple and basic command

ssh -i taskey.pem ec2-user@ec-x-x-x-x...amazonaws.com

the response is

Permission denied (publickey).

Status of my environment:

  • Existing SSH rule for my IP address on the Security Group associated to the running Instance
  • New Key Pair added to the running instance
  • key.pem file has 0600 permission
  • I know it's a CentOS machine because when I ping the site's IP part of the response says it is. Hence why I use username ec2-user
  • Just in case, I've also tried ubuntu and root.

Reading around some, it seems that you can't just magically add new Key Pairs to running instances. There is an existing public key for my running instance, but it was created in the past by another worker, and I can't contact them.

My client has no repository, hence, as you can imagine, why I'm not just trying loads of things. If I break it, everything gets lost.

This answer suggests to delete the old Key Pair (the one I have no .pem file for). But I don't know what the consequences of that might be.

Sorry for such noobness but I'm in a rush and have no room to try things.

Thanks in advance.

EDIT

I've chosen the "create an AMI..." answer, simply because it's the one I went for. I liked the fact that the old machine could be kept (shut down) and if anything went wrong all I had to do was turn it on again. I up-voted the other possible answer in regards to mounting and unmounting the hard drive, because it's another way of doing it and, in some cases, the only way.

Steps followed to achieve SSH ACCESS SUCCESSFULLY:

  1. Stop running instance
  2. Create an AMI from it (right click and choose Create Image)
  3. Once that was created I launched it and gave it the same specifics as the original instance
  4. Supply it with my new key-pair
  5. Repointed my assigned elastic-IP (that's the only service I had, luckily very simple). Went to Elastic IPs, saw the existing one (which no longer had anything assigned to it since the original instance was shut down), right clicked it and chose Associate Address and chose the new running instance from the created AMI in the Associate with list.
  6. Checked I had SSH access to it.
Chayemor

2 Answers

2

You cannot add a new key pair to a running instance - like it says in the comments of the answer you point to.

I'm afraid that if you cannot contact a person who has the original .pem file you will not be able to connect to that machine via SSH.

You can create an AMI image from it, and create a new machine from that AMI with the new key-pair. There you could do all the changes you need, and then, point whatever services using it to the new machine. After you verify that the new machine is up to par, you can terminate the old machine.

Uri Agassi
  • I ended up picking this answer because it leaves me with a machine as a "backup" in case anything goes wrong. The answer with the volume detach/attach/detach/attach would leave me with no backup, and as it is, I can't risk that. It would still be a possibility though, just not first in my list. – Chayemor May 28 '14 at 10:22
  • Note that this solution and sorohan's both work. The key takeaway in both cases is that you're starting a new instance (with your new key pair) that's very much *like* the old one. It's convenient that an AMI works fine as a backup, but you certainly take an AMI (or just an EBS snapshot) for safety, and then use sorohan's technique. – solublefish Mar 10 '15 at 01:04
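
The stop, image, relaunch and re-point steps from the question's edit and the answer above, written out with the AWS CLI as an added example (not code from any of the posters). The instance ID, key pair name and Elastic IP allocation ID are supplied by the caller, and the function assumes a VPC instance.

```sh
# Added example (not from the original posts): stop / image / relaunch /
# re-point with the AWS CLI. All IDs are caller-supplied; assumes a VPC
# instance and an Elastic IP identified by its allocation ID.
relaunch_with_new_key() (
  set -eu
  old_id=$1 key_name=$2 alloc_id=$3

  # Record the original's "specifics": type, subnet and all security groups.
  info=$(aws ec2 describe-instances --instance-ids "$old_id" --output text \
    --query "Reservations[0].Instances[0].[InstanceType,SubnetId,join(' ',SecurityGroups[].GroupId)]")
  set -- $info
  itype=$1 subnet=$2
  shift 2
  sgs=$*

  # 1. Stop the running instance so the image is taken from a quiet disk.
  aws ec2 stop-instances --instance-ids "$old_id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$old_id"

  # 2. Create an AMI; the stopped original stays untouched as the fallback.
  ami=$(aws ec2 create-image --instance-id "$old_id" \
    --name "rekey-$old_id-$(date +%Y%m%d%H%M%S)" \
    --query ImageId --output text)
  aws ec2 wait image-available --image-ids "$ami"

  # 3-4. Launch the copy with the new key pair ($sgs is split on purpose).
  new_id=$(aws ec2 run-instances --image-id "$ami" --key-name "$key_name" \
    --instance-type "$itype" --subnet-id "$subnet" \
    --security-group-ids $sgs \
    --query 'Instances[0].InstanceId' --output text)
  aws ec2 wait instance-running --instance-ids "$new_id"

  # 5. Move the Elastic IP to the new instance.
  aws ec2 associate-address --allocation-id "$alloc_id" \
    --instance-id "$new_id" --allow-reassociation >/dev/null

  # 6. Print the new instance ID; check SSH access against it.
  echo "$new_id"
)
```

An image is a copy of the disk, so any public key that was in authorized_keys on the original is copied along with everything else. Review that file after the first login and remove entries that should no longer grant access.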
1

Amazon provides a guide for connecting to an instance if you lose your private key. As long as it's an EBS backed instance. See here:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair

The general procedure for doing so is (from the docs):

You must stop the instance, detach its root volume and attach it to another instance as a data volume, modify the authorized_keys file, move the volume back to the original instance, and restart the instance.

sorohan
  • I found that documentation as well but haven't gotten the chance to try it out since I can't seem to figure out if it's EBS backed or not. In the EBS tab on the dashboard, when I enter it, there's nothing, so I figure it's not an EBS backed instance. – Chayemor Apr 29 '14 at 10:33
  • In the EC2 management console, when you select the instance, it should say "Root device type" in the "Description" tab. If it's not an EBS backed instance I think your best bet is to do as Uri said and create a new AMI from that instance (select the instance, click on the Actions menu, and click Create Image). You can select "no reboot", and the machine will keep running while it creates the AMI. – sorohan Apr 30 '14 at 03:56
  • Sweet! It is EBS backed, as soon as I try out the documentation I'll come here to select your answer. Cheers. – Chayemor Apr 30 '14 at 08:39
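
The "modify the authorized_keys file" step of the documented procedure, as an added example that is not part of the answer above or of Amazon's guide: it is meant to run on the rescue instance once the old root volume is mounted. The mount point, account name and public-key file are arguments chosen by the caller (assumptions, not values from the page).

```sh
# Added example: append a public key to authorized_keys on a mounted root
# volume. Arguments (mount point, account, .pub file) are caller-supplied.
# Existing entries are kept; the previous file is saved as authorized_keys.bak.
add_key_to_volume() (
  set -eu
  root=$1 user=$2 pubkey_file=$3
  case $user in
    root) home=$root/root ;;
    *)    home=$root/home/$user ;;
  esac
  [ -d "$home" ] || { echo "no home directory at $home" >&2; exit 1; }

  # Take the first line that looks like an OpenSSH public key.
  key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' \
        "$pubkey_file" | head -n 1)
  [ -n "$key" ] || { echo "no public key in $pubkey_file" >&2; exit 1; }

  ssh_dir=$home/.ssh
  auth=$ssh_dir/authorized_keys
  mkdir -p "$ssh_dir"
  touch "$auth"

  # Append only if this exact line is not already present (safe to re-run).
  if ! grep -qxF -- "$key" "$auth"; then
    cp -p "$auth" "$auth.bak"
    # If the file does not end in a newline, add one so keys are not joined.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
  fi

  # sshd's StrictModes check refuses files with loose modes or wrong owner.
  chmod 700 "$ssh_dir"
  chmod 600 "$auth"
  chown "$(stat -c '%u:%g' "$home")" "$ssh_dir" "$auth"
)
```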