AWS rookie here. I created a few EC2 instances under my AWS account and reused the same Key Pair for all of them. I believe (IIRC) that I had generated the Key Pair from inside AWS, but that could be wrong.

Over this past weekend I sold my old laptop (after completely wiping the hard disk) and got a new one. I'm just remembering now (:facepalm) that I forgot to copy all my SSH private keys to a flash drive and that I no longer have them.

All I want/need to do is to SSH into my EC2 instances, but to do that I need my SSH keys. I still have AWS console access, and I can log in and view all my EC2 Key Pairs. But I don't see any options for downloading them or updating my EC2 instances with new Key Pairs.

So I ask:

  1. Is it possible for me to recover my existing Key Pairs somehow so that I can SSH into my EC2 instances? Again I can log into the AWS console. If not, then...
  2. Is it possible to generate another Key Pair and "swap it out" for my existing Key Pair?

I really don't want to have to tear down my old EC2 instances and re-provision new ones; that will take about a week for me to do (although, arguably, it would serve me right!).

1 Answer

It is only possible to regain access to an EBS-backed Linux instance.

But for regular instances, it is not possible to recover the key as AWS doesn't save a copy of it.

So in your case, if your instances are not EBS-backed, then you will have to destroy the instances, create a new key and new instances using the new key.

More information can be found here.

This is the relevant information from the above link:

Amazon EC2 doesn't keep a copy of your private key; therefore, if you lose a private key, there is no way to recover it. If you lose the private key for an instance store-backed instance, you can't access the instance; you should terminate the instance and launch another instance using a new key pair. If you lose the private key for an EBS-backed Linux instance, you can regain access to your instance. For more information, see Connecting to Your Linux Instance if You Lose Your Private Key.

Edit #1:

In order to regain access to the EBS-backed instances, you must stop the instance, detach its root volume and attach it to another instance as a data volume, modify the authorized_keys file to add your newly created SSH key, move the volume back to the original instance, and restart the instance.

Information about that process can be found here.

Itai Ganot
  • Thanks @Itai Ganot (+1) -- I see that my `Root device type` is "ebs" and that both my "Root device" and "Block devices" values are `/dev/xvda`...does this mean there's any hope for me?! – hotmeatballsoup Apr 10 '18 at 09:38
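
The recovery sequence described in the answer's edit, as an added example that is not part of the original answer or of the AWS documentation. It only defines two functions: `plan_recovery` prints the AWS CLI calls for review, and `add_key` is the step run on the rescue instance. The function names, the `/dev/sdf` attach point and the `/home/<user>` layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Instance/volume IDs passed in are the caller's; /dev/sdf and
# the /home/<user> layout are assumptions.

# Print the AWS CLI calls in order so they can be reviewed before running.
plan_recovery() {
  local target="$1" rescue="$2" vol="$3" rootdev="$4"
  cat <<EOF
aws ec2 stop-instances --instance-ids $target
aws ec2 wait instance-stopped --instance-ids $target
aws ec2 detach-volume --volume-id $vol
aws ec2 wait volume-available --volume-ids $vol
aws ec2 attach-volume --volume-id $vol --instance-id $rescue --device /dev/sdf
# on the rescue instance: mount the volume, run add_key, unmount
aws ec2 detach-volume --volume-id $vol
aws ec2 wait volume-available --volume-ids $vol
aws ec2 attach-volume --volume-id $vol --instance-id $target --device $rootdev
aws ec2 start-instances --instance-ids $target
EOF
}

# Run on the rescue instance with the detached root volume mounted at $1.
# Appends the new PUBLIC key to the user's authorized_keys exactly once.
add_key() {
  local mnt="$1" user="$2" pubfile="$3"
  local home="$mnt/home/$user" key owner
  local ssh_dir="$home/.ssh" auth="$home/.ssh/authorized_keys"
  [ -d "$home" ] || { echo "no $home on the volume" >&2; return 1; }
  key=$(head -n 1 "$pubfile")
  case "$key" in   # refuse private keys and anything else unexpected
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
    *) echo "$pubfile is not an OpenSSH public key" >&2; return 2 ;;
  esac
  mkdir -p "$ssh_dir"
  touch "$auth"
  # If the last existing entry lacks a newline, add one so keys don't merge.
  if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
  grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
  # sshd (StrictModes) ignores the file if mode or owner is too loose.
  chmod 700 "$ssh_dir"
  chmod 600 "$auth"
  owner=$(ls -ldn "$home" | awk '{print $3 ":" $4}')
  chown -R "$owner" "$ssh_dir"
}
```

Pass the root device name shown in the console (`/dev/xvda` in the comment above) as the fourth argument to `plan_recovery` so the volume goes back as the root device.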