
I'm trying to help a friend recover access to an EC2 instance where the private key was lost (is there possibly another way to get access to make changes to content? Maybe the answer is simpler and right in front of my face). I followed these steps, except for step 7, because I am getting refused:

  1. Stop the EC2 Linux Instance
  2. Detach the Root Volume
  3. Launch a new Temporary Instance
  4. Attach the Root Volume to New Instance
  5. Modify the authorized_keys File
  6. Reattach the Root Volume to the Original Instance
  7. Start and Connect the Original Instance with New Private Key

What stood out to me was that on step 5 I had to change the permissions of the /ec2-user directory, the /.ssh directory, and the /.ssh/authorized_keys file to modify the keys.

When I tried step 7, I'm getting refused, but I remember that the permissions for the authorized_keys file were set to rw------- (600) and I'm thinking that they need to be increased. I could do 777 but that's terrible. Am I correct in my assumption? If so, what permission should I set? If not, any advice?

Daniel Ferradal
WannaLaugh
  • I confirm that permission `0700` on `.ssh` dir and `0600` on `.ssh/authorized_keys` works just fine, no need to relax that. (And as a side note, please never ever even consider `777` for *anything*.) – janos Dec 17 '17 at 18:51
  • Thank you for letting me know the correct permissions. I noticed that there were two user directories, but I only changed the "authorized_keys" for the ec2-user. I'm a little hesitant to change the other. Oh, and I did create a snapshot before I did all of this. – WannaLaugh Dec 17 '17 at 19:00
  • After step 4, you should not go to step 5, but instead _check the logs_ from the troubled instance's volume to see what is actually going on. – Michael Hampton Dec 17 '17 at 19:26
  • Create a new managed key in AWS and then create the new temporary instance using the new key pair. Because the temp server is already configured properly with a new, working key just copy that SSH configuration to the old server after you mount the volume. So step 5: copy config from temp server to old server. – Appleoddity Dec 18 '17 at 04:54
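
An added example, not part of the original question or comments: a shell check of the three paths changed in step 5, run against the mounted volume before it is reattached, assuming GNU `stat` and a hypothetical mount point `/mnt/rescue`. It flags group- or world-writable modes and owner mismatches, which sshd's default `StrictModes` setting rejects, and puts back the `0700`/`0600` modes confirmed in the comments.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (Linux) and that the detached root volume
# is mounted on the temporary instance; /mnt/rescue below is a made-up path.

# Succeeds if the path is not writable by group or others (mode & 022 == 0).
not_group_world_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# audit_ssh_perms HOME_DIR
# Prints one line per problem; the return status is the number of problems.
audit_ssh_perms() {
    home=$1
    problems=0
    owner=$(stat -c '%u' "$home") || return 1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; problems=$((problems + 1)); continue
        fi
        if ! not_group_world_writable "$p"; then
            echo "WRITABLE $p (mode $(stat -c '%a' "$p"))"
            problems=$((problems + 1))
        fi
        # Numeric uid compare: user names may not resolve on the rescue host.
        if [ "$(stat -c '%u' "$p")" != "$owner" ]; then
            echo "OWNER    $p (uid $(stat -c '%u' "$p"), home uid $owner)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# restore_ssh_perms HOME_DIR
# Drops group/other write on the home dir, then sets 0700 on .ssh and
# 0600 on authorized_keys.
restore_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Typical use on the temporary instance (path is an assumption):
#   audit_ssh_perms /mnt/rescue/home/ec2-user || restore_ssh_perms /mnt/rescue/home/ec2-user
```

A clean audit only rules out this one cause of a refused login; the sshd log on the volume, as suggested in the comments, shows the actual reason.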
