0
votes

AWS rookie here. I created a few EC2 instances under my AWS account and reused the same Key Pair for all of them. I believe (IIRC) that I had generated the Key Pair from inside AWS, but that could be wrong.

Over this past weekend I sold my old laptop (after completely wiping the hard disk) and got a new one. I'm just remembering now (:facepalm) that I forgot to copy all my SSH private keys to a flash drive and that I no longer have them.

All I want/need to do is to SSH into my EC2 instances, but to do that I need my SSH keys. I still have AWS console access, and I can log in and view all my EC2 Key Pairs. But I don't see any options for downloading them or updating my EC2 instances with new Key Pairs.

So I ask:

  1. Is it possible for me to recover my existing Key Pairs somehow so that I can SSH into my EC2 instances? Again I can log into the AWS console. If not, then...
  2. Is it possible to generate another Key Pair and "swap it out" for my existing Key Pair?

I really don't want to have to tear down my old EC2 instances and re-provision new ones; that will take about a week for me to do (although, arguably, it would serve me right!).

2
Please move your question to Super User (delete here, re-post there). It's off-topic here. - Martin Prikryl
The super user delete already but on topic if it can. - hotmeatballsoup

2 Answers

4
votes

A rebuild shouldn't be necessary. I'd suggest option 2 as it's quicker and easier.

1.> It's possible to change/append a new key?

  • Power off the EC2 instance you want to access ("target").

  • Create a new ("temporary") instance.

  • Detach the primary EBS volume from the target instance (taking note of its current attachment!).

  • Attach/mount the target volume on the temporary instance.

  • Edit the appropriate authorized_keys file on the mounted volume.

  • Unmount the target volume, and reattach it to the target EC2 instance (using the config you noted when detaching it).

  • Start the target instance and log in with the new key.

  • Delete the temporary instance.

2.> Yes. Snapshot the instance. Provision a new instance from the snapshot, selecting a different key (the key pair popup appears when you click launch at the end of the launch wizard).

0
votes

Change the EC2 user data to multipart MIME.

Parts:

  • cloud config

        cloud_final_modules:
        - [scripts-user, always]

  • shell script

    Overwrites /home/ec2-user/.ssh/authorized_keys

Refer to this blog article: replace ec2 ssh key
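The two-part user data this answer describes can be generated as below. This is an added example, not code from the answer or the linked article; the function name `build_user_data`, the key validation rules and the generated script body are assumptions, and the caller supplies the public key.

```python
import re
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Part 1 (from the answer): run user scripts on every boot, not only the first.
CLOUD_CONFIG = "#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n"

# One OpenSSH public key line: key type, base64 blob, optional plain comment.
PUBKEY_RE = re.compile(
    r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) "
    r"[A-Za-z0-9+/]+={0,2}( [A-Za-z0-9@._-]+)?"
)


def build_user_data(public_key: str, user: str = "ec2-user") -> str:
    """Return multipart user data that overwrites the user's authorized_keys."""
    public_key = public_key.strip()
    # The key ends up inside a script that runs as root, so accept only a
    # strict single-line public key: this rejects pasted private keys,
    # embedded newlines and anything that could close the heredoc early.
    if not PUBKEY_RE.fullmatch(public_key):
        raise ValueError("not a single-line OpenSSH public key")
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError("unexpected user name")
    ssh_dir = f"/home/{user}/.ssh"
    # Part 2: shell script that replaces authorized_keys (assumed script body).
    script = (
        "#!/bin/bash\n"
        "set -eu\n"
        f"mkdir -p {ssh_dir}\n"
        f"cat > {ssh_dir}/authorized_keys <<'EOF'\n"
        f"{public_key}\n"
        "EOF\n"
        f"chown -R {user}: {ssh_dir}\n"
        f"chmod 700 {ssh_dir}\n"
        f"chmod 600 {ssh_dir}/authorized_keys\n"
    )
    msg = MIMEMultipart("mixed")
    msg.attach(MIMEText(CLOUD_CONFIG, "cloud-config", "us-ascii"))
    msg.attach(MIMEText(script, "x-shellscript", "us-ascii"))
    return msg.as_string()
```

User data can only be edited while the instance is stopped. Because of `[scripts-user, always]` the script reruns and overwrites `authorized_keys` on every boot, so clear the user data once the new key works.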