Problem with connect to AWS Linux

Arthit84
Hello Expert

I have a customer that has an AWS environment.
I have never worked with AWS before and I am trying to connect to the VM. But I can't, because connecting requires an SSH key, but I don't have that and the previous tech doesn't have it either.

What is the best way for me to gain access to the VM?

Thanks in Advance
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
When you spin up an AWS instance an ephemeral private key is generated + presented right then.

You must capture this private key, because it's not stored anywhere.

If you don't capture it, well... it's gone forever.

If this is the only ssh key for the instance (no other entries in ~root/.ssh/authorized_keys) then there's no way to access the instance via ssh.

At least this was the way AWS used to work.

They might have fixed this so the private key is now kept somewhere... so...

You must either have the key or AWS must store the key for you to establish ssh access to the instance.
David is correct: you need the private key of the user that deployed the EC2 instance in order to be able to ssh into it. What I would try is to create an AMI of the machine you are trying to log in to and launch a new machine with your private key. You can do this through the AWS console.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Many a client has found out the hard way there's no way to get into their instance after it's started.

Tip: Good practice. Anytime you spin up a new AWS instance, use ssh-copy-id to copy a consistent/known public key into all your instances + also record the private cert returned. This little trick ensures, if the ephemeral key is lost, then you can still get in with the known key.

Note: Be sure you run your backup procedure prior to stop/restart of an AWS instance as... depending on how the instance is configured, a stop/restart may lose all data related to the instance.

Author

Commented:
Thanks guys.
The former staff don't have the key :(
so basically I am left hanging :(

So is the best way to create an AMI of the machine?
Is there any other way that you guys know?

Thanks
Fractional CTO
Distinguished Expert 2018
Commented:
Creating an AMI requires a good bit of conversation, so likely best to close this question + open another.

And... you won't be able to save any data from your current instance without a key... unless you have some other mechanism running, like running WordPress on the instance, so you can use a backup plugin to save your data.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.customenv.html provides the starting point for AMI creation.

Tip: If you do create a custom AMI, bake into your AMI ~root/.ssh/authorized_keys to contain the public key for a private key you have on file.
Another thing you can try: if the instance is an EBS-backed instance, you can stop the instance, detach its root volume and attach it to another instance as a data volume, modify the authorized_keys file, move the volume back to the original instance, and restart the instance.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
@Adelaido, thanks for this crafty trick!

I've filed this away for future use.
