0

What will happen if you lost the ssh key pair of a Linux instance? should you be able to get it back by contacting the Alibaba cloud support.

steve
  • 362
  • 3
  • 16
  • To recover an ECS instance keypair from Alibaba support would require access to the private key. Alibaba does not store the private key only the public key. The user must download and save the keypair. You cannot recover a specific keypair - you can create a new keypair and attach to the instance. See my answer below. – John Hanley Jun 22 '18 at 19:39
  • If you could recover it by support, that would be a great security issue. IF I was you I wouldn't generate the keys in console at all but generate locally and only import. – akostadinov Jul 25 '18 at 10:42

4 Answers4

1

The best way would be to reset the password and connect. Once you are in root you should be able to create a snapshot and restore it with a new instance. You will find the "Reset Password" under Console > Click on Instance> Instance Details> More> Reset Password RESET PASSWORD

Sai Sarath C P
  • 1,454
  • 2
  • 9
  • 26
  • Resetting the VNC password does not fix the issue of a lost SSH keypair. Restoring an image to a new instance also leaves the user in the same state with a lost SSH keypair. – John Hanley Jun 22 '18 at 19:15
1

The Alibaba Cloud CLI supports replacing an ECS instance keypair.

Step 1: Go the the Alibaba Console and look up the instance ID for your instance.

Step 2: Generate a new keypair:

aliyuncli ecs CreateKeyPair --RegionId us-west-1 --KeyPairName mykeypair

Step 3: Attach the keypair using the CLI:

aliyuncli ecs AttachKeyPair --RegionId us-west-1 --KeyPairName mykeypair --InstanceIds "[\"i-abcdeftvgllm854abcde\"]"

Step 4: Reboot the instance.

aliyuncli ecs RebootInstance --InstanceId i-abcdeftvgllm854abcde

I wrote an article for Alibaba on exactly this topic: https://www.neoprime.io/info/alibaba/devops/day_02.php

John Hanley
  • 74,467
  • 6
  • 95
  • 159
0

The answer is no. In such case, you have to create an ECS instance for this purpose.

Steps to recover ssh key pair.

  • create a new instance in any Region/Zone.
  • stop the old instance and de-attach it’s root EBS volume and attach it to the new instance as a secondary volume.
  • then login to the new instance and switch to root and create a mount point.

for ex:

lsblk
mkdir /mnt/recovery
lsblk
mount /dev/xvdf1 /mnt/recovery  (here /dev/xvdf1 is secondary disk)

now append the .ssh authorized key file

cat /home/ubuntu/.ssh/authorized_keys > /mnt/recovery/home/ubuntu/.ssh/authorized_keys

Update the volume of the old instance (i.e., currently secondary disk) with the new instance’s key ssh key file. now unmount the secondary disk

unmount /mnt/recovery/

Stop the new instance. de-attach secondary volume from the new instance and then attach it back to the old instance as root volume /dev/xvda start the old instance log in with new ssh key pair

ssh ubuntu@192.168.0.10 –i new-keypair.ppk

Done!

Sai Sarath C P
  • 1,454
  • 2
  • 9
  • 26
steve
  • 362
  • 3
  • 16
  • Steve - have you actually done this on Alibaba Cloud with an ECS instance? Alibaba does not support detaching the root disk instance. Therefore you cannot attach the root volume to another instance to modify the authorized_keys file. – John Hanley Jun 22 '18 at 19:36
0

Not sure if Alibaba Cloud Support can help you with recovering a lost SSH Key pair. My best advise is to reset the instance password: https://www.alibabacloud.com/help/doc-detail/25439.htm

Also you can contact the support team if you wish and see what help they can offer.

Deepak Kamat
  • 1,880
  • 4
  • 23
  • 38