8

I am using Amazon EC2. I enabled UFW on my server and, without adding any other rule, logged out. Now, since there was no rule specified, I am not able to log in over SSH, and because of it even my website is down. Can someone help me with how to disable UFW now?

Dave M
Cheran Prakash
  • I have never used EC2, but it sounds like you have set up a firewall with no allow rules, so there will be no way to connect to it. Disabling the rules will likely require logging in through a terminal emulator. – Paul Nov 16 '15 at 19:52
  • Yeah, but I am not able to get into SSH to disable it. So is there a way to do it? – Cheran Prakash Nov 16 '15 at 19:54
  • By terminal emulator I mean something that connects to the terminal of the machine. I know Rackspace offers this for their Public Cloud Servers, but I don't know if Amazon has something similar. It would likely be somewhere in the control panel. – Paul Nov 16 '15 at 20:03
  • I use SSH (PuTTY) to connect. – Cheran Prakash Nov 16 '15 at 20:06
  • This would go through Amazon directly to the server, not through the Internet. It is not SSH. The terminal is the thing that connects directly to a machine for local access. Obviously the terminal I am referring to would be something virtual, assuming they have one at all. – Paul Nov 16 '15 at 20:09
  • Yeah, I am searching for it, but I don't think Amazon has it. – Cheran Prakash Nov 16 '15 at 20:12
  • As I suggested in your previous question, you are going to have to somehow access the server through its terminal. If Amazon does not offer an emulator, then you will have to restore from backup. – Paul Nov 16 '15 at 21:48
  • @CheranPrakash: I also do not use Amazon EC2, but the following answer from Jamieson Becker to a somewhat similar problem may help you: http://serverfault.com/a/643110/21832 (taken from http://serverfault.com/questions/144988/root-locked-out-of-ec2) – ricmarques Nov 17 '15 at 00:08
  • No, there is no bidirectional virtual console tty in EC2. (You can *read* the output from the virtual console port, but that's all.) If you isolate yourself, you are isolated. You will have to repair the server essentially the same way you would repair a physical server that you had rendered unusable ... stop, detach, attach, mount, repair, unmount, detach, attach, restart ... or discard the instance and start over. – Michael - sqlbot Nov 17 '15 at 03:53

2 Answers

9

Thank you for the help, guys.

I found a solution to the problem. I have explained it in the points below.

  • I logged into my console and stopped the current instance.
  • Then I went to the Volumes section and detached the volume that was associated with the present instance.
  • Then I launched a new instance.
  • Then I attached the volume of the previous instance to the new instance.
  • Then I logged into the new instance using SSH.
  • I used the `lsblk` command to see the block devices attached to my instance. In my case there were two, i.e. the one created along with the new instance, which was the root, and the other was my previous instance's volume, which was still not mounted.
  • Then I mounted the previous volume into the instance using the command `sudo mount /dev/xvdf1 /mnt -t ext4` (here I used xvdf1 because my data was present in that).
  • Then I went to /mnt/etc/ufw/ufw.conf and changed enabled=yes to enabled=no.
  • I saved the file and logged out.
  • I again visited the AWS console Volumes section, detached the previous volume and attached it to the stopped previous instance, selecting the exact previous instance and the path as /dev/sda1.
  • I went to the Instances tab and started the old instance.
  • Now I logged into the instance and it worked like a gem, and all the files were intact.
Cheran Prakash
  • 2
    When following this, it is also important to unmount the volume using `umount /mnt` before attempting to detach the volume. – Nick Feb 06 '17 at 20:38
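The edit-the-offline-root step of the answer above, as an added example that is not part of the original post or of ufw itself: a small POSIX shell script that flips the enabled flag in the rescued volume's `etc/ufw/ufw.conf`, keeps a backup, and wraps the mount/edit/unmount sequence so the volume is cleanly unmounted before it is detached (the point Nick raises in the comment). Note that the file ufw ships spells the key in upper case, `ENABLED=yes`, so that is what the script matches. The function names, the `/dev/xvdf1` device and the `/mnt` mount point are assumptions; the demo at the bottom runs against a constructed directory tree, so it touches no real device.

```shell
#!/bin/sh
# Added example (not from the original answer or from ufw): disable UFW in an
# offline root filesystem, i.e. a rescued volume mounted under some directory,
# the way you would from a rescue instance. All function names are hypothetical.
set -eu

# Rewrite ENABLED=yes -> ENABLED=no in <root>/etc/ufw/ufw.conf. ufw reads this
# key at boot to decide whether to load its rules, so with ENABLED=no the
# instance boots with no firewall and SSH is reachable again (subject to the
# EC2 security group). A .bak copy is kept so the change can be reverted.
disable_ufw_in_root() {
    root="$1"
    conf="$root/etc/ufw/ufw.conf"
    if [ ! -f "$conf" ]; then
        echo "no $conf: ufw is not installed in this root" >&2
        return 1
    fi
    cp "$conf" "$conf.bak"
    # Portable in-place edit (no reliance on GNU sed -i).
    sed 's/^ENABLED=yes$/ENABLED=no/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    grep '^ENABLED=' "$conf"
}

# Print "yes" or "no": whether ufw would start enabled in the given root.
ufw_state_in_root() {
    sed -n 's/^ENABLED=//p' "$1/etc/ufw/ufw.conf"
}

# Full rescue sequence against a real rescued volume (device and mount point
# are assumptions). Runs only when invoked explicitly, and only as root. The
# unmount at the end matters: detaching a mounted volume risks corrupting it.
rescue_volume() {
    dev="${1:-/dev/xvdf1}"
    mnt="${2:-/mnt}"
    [ "$(id -u)" -eq 0 ] || { echo "rescue_volume must run as root" >&2; return 1; }
    mount -t ext4 "$dev" "$mnt"
    disable_ufw_in_root "$mnt"
    sync
    umount "$mnt"
    echo "$dev is unmounted; now detach it and reattach it to the original instance as /dev/sda1"
}

# Constructed stand-in for a rescued volume: a temp directory holding a
# ufw.conf with ENABLED=yes, so the edit can be exercised without any device.
make_constructed_root() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/ufw"
    printf 'ENABLED=yes\nLOGLEVEL=low\n' > "$root/etc/ufw/ufw.conf"
    echo "$root"
}

# Demo on the constructed root (safe to run anywhere).
demo_root=$(make_constructed_root)
echo "before: ENABLED=$(ufw_state_in_root "$demo_root")"
disable_ufw_in_root "$demo_root"
echo "after:  ENABLED=$(ufw_state_in_root "$demo_root")"
rm -rf "$demo_root"
```

On the rescue instance the real invocation is `rescue_volume /dev/xvdf1 /mnt` as root (check the device name with `lsblk` first). Once the original instance is back up, re-enable ufw only after adding an allow rule for SSH (`ufw allow 22/tcp` before `ufw enable`), which is the rule whose absence caused the lockout.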
5

I have the same problem and found out that these steps work:

  1. Stop your instance

  2. Go to `Instance Settings -> View/Change User Data`

  3. Paste this

```
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
ufw disable
iptables -L
iptables -F
--//
```

  4. Start your instance

Hope it works for you.

Glorfindel