
My secretary created a new instance in Amazon using their EC2 server but lost the .pem file. Doing research online I was able to go to the instance system settings/get system log and retrieve some type of password there. The instance system log shows something like this:

2019/04/15 12:15:19Z: Username: Username
2019/04/15 12:15:19Z: Password: <Password>

It is a very long code of random characters.

Is there any way I can use this to log in via remote desktop or is there a way to decrypt it? I tried several decryption methods online and they said this was not a valid "hash"...whatever this means. I am not a technical person so I need hopefully a response in layman terms.

John Rotenstein
  • Try asking Amazon support, but I think you're out of luck. If this is a new instance, why not just delete and make a new one? Also, you shouldn't be calling someone dumb on this site. – dyz May 30 '19 at 15:29
  • There is already stuff on the server. Basically, I need to know if the password that I found in the system log can be used, unencrypted, etc. I cannot ask Amazon because they charge for support and I don't have support with them. – Denison May 30 '19 at 22:46
  • No, that hashed password cannot be used. Even if you knew the password, password login is turned off by default. Try file recovery software on the computer which had the pem file. – dyz May 30 '19 at 23:06
  • @Denison You can sign up for the $49/month level of support, and cancel after your support case. Should only wind up costing a couple bucks. If you can afford a secretary with devops skills, you can probably afford that. – ceejayoz May 30 '19 at 23:22
  • Is there anything important on the instance? If not, terminate it and launch another one. – John Rotenstein May 30 '19 at 23:29

1 Answer

It appears that you are connecting to a Windows instance. When a new Amazon EC2 Windows instance is launched, a program on the AMI (disk image) automatically generates a random Administrator password. This is done so that you can access the instance, but nobody else can.

To keep the password secret, the program encrypts the password with the keypair nominated when the instance was launched. The encrypted password is passed back to AWS via the console. That is the string of 'random characters' you saw.

To decrypt the password, you can use the Get Windows Password feature, which requires you to supply the nominated keypair. It will then decrypt the password, which can be used to log in to the instance as Administrator.

Since you no longer have the keypair, you cannot decrypt the password and therefore cannot log in to the server. This is good! This proves that security works, because you would not want other people to be able to log in to the server.

So, how do you regain access?

Refer to the steps on: I need to reset the administrator password on a Windows Server instance in Amazon EC2

Basically, there are two methods:

  • If Systems Manager is enabled for the instance, you can run a "rescue" script
  • Otherwise, there is a series of scripts that assist with the process of:
    • Detaching the disk
    • Attaching it to another instance
    • Resetting a configuration on the disk
    • Reattaching the disk to the original instance

The second process is a bit like plugging a USB disk into another computer to change a file (except that EC2 disks are managed differently).

John Rotenstein
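
The answer above says the long string in the system log is the password encrypted with the launch key pair, not a hash. The following is an added example, not part of the original answer and not AWS's code, that models this locally with OpenSSL. The key names, the sample password and the use of OpenSSL's default RSA padding are assumptions of the sketch.

```shell
#!/bin/sh
# Added example: local model of the scheme in the answer. Keys and password
# are constructed here; nothing contacts AWS.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for a key pair: NAME.pem is the private key file, NAME.pub the
# public half that the instance is given at launch.
make_keypair() {  # $1 = name
  openssl genrsa -out "$WORK/$1.pem" 2048 2>/dev/null
  openssl rsa -in "$WORK/$1.pem" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# Instance side: encrypt the generated password with the public key and emit
# base64 text, like the long string in the system log.
encrypt_password() {  # $1 = key name, $2 = password
  printf '%s' "$2" |
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/$1.pub" |
    openssl base64 -A
}

# Owner side: only the matching private key recovers the text. With any other
# key OpenSSL either fails or returns unrelated bytes, depending on version.
decrypt_password() {  # $1 = key name, $2 = base64 blob
  printf '%s\n' "$2" |
    openssl base64 -d -A |
    openssl pkeyutl -decrypt -inkey "$WORK/$1.pem" 2>/dev/null |
    tr -d '\000' || true
}

make_keypair launch                 # key pair nominated at launch
make_keypair other                  # any other key pair
PASSWORD='Constructed-Passw0rd!'    # constructed sample value
BLOB=$(encrypt_password launch "$PASSWORD")

echo "log blob   : $(printf '%.40s' "$BLOB")... (${#BLOB} characters)"
echo "launch key : $(decrypt_password launch "$BLOB")"
if [ "$(decrypt_password other "$BLOB")" = "$PASSWORD" ]; then
  echo "other key  : password recovered"
else
  echo "other key  : password not recoverable"
fi
```

Because the blob is ciphertext rather than a hash, hash-lookup sites reject it, and without the original private key the only ways back in are the reset procedures listed in the answer.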