AWS - Create new instance from AMI, but lost keys?

1
votes

I have an AMI that I created a few weeks ago. I want to launch a new AWS EC2 instance and provide that AMI as the image. Problem is, I can't ssh into that box now.

I have tried to attach a new key pair when launching the new instance, but it's as if the configuration of the SSH keys on the box is ignoring my newly attached key pair.

Is there a way to overcome this issue?

I know my new key pair works, I've tested it on a totally blank new instance and I can SSH in just fine.

Any help is greatly appreciated!

1
amazon-web-servicesamazon-ec2key-pair
Is the security group for your EC2 instance allowing connections on port 22 from your IP address?spg
Not port 22 no, I use a different port, but the security group does allow it. Networking shouldn't be an issue though. I can reach the instance, it just says "Permission denied (public key)".user1840352
What linux distro is the AMI? What is the user did you try to ssh in as?helloV
Distro is Ubuntu 14.04user1840352

1 Answers

4
votes

The keypair is only copied to the Amazon EC2 instance the first time that the disk is booted. Since you have already booted from that disk (or a disk from which the image was made), it will not copy the keypair again.

You will need to copy a new keypair to the /home/ec2-user/.ssh directory. This can be done by attaching the EBS volume to a different instance:

  • Stop the instance (Instance 1)
  • Detach the EBS volume (make a note of the device identifier, eg /dev/xvda)
  • Attach the EBS volume to another Linux instance (Instance 2)
  • Edit the /home/edc2-user/.ssh/authorized_keys file and insert your desired public key
  • Detach the EBS volume from Instance 1, re-attach it to Instance 2
  • Start Instance 1 and ssh to it using your new keypair

See documentation: Connecting to Your Linux Instance if You Lose Your Private Key