Provide SSH Access on AWS EC2 Instance with a private key - amazon-ec2

I have an AWS EC2 instance running, with a PEM file kept in a safe place.
Now I want to give sftp access to one of the users to a particular directory. For this they have given me the private key file of their system. Is it possible to somehow import that private key on the AWS instance?

In general, private keys should not be distributed. You need the user's public key. You can then place that public key in the ~/.ssh/authorized_keys file for the user you want to allow access to. Note that you can use both sftp and scp to retrieve files from a server in a secure fashion. In my opinion, scp is easier to set up, but you may want sftp depending on your use case. If you want additional information on setting up SFTP, check How to setup an SFTP server on CentOS.

If what you need is to share a directory, you can associate your EC2 instances with an EFS cluster and share a directory between two or more instances; you could have a private instance (only you will have ssh access) and a public one (other users can access this instance by ssh or sftp).

Create a public key and place it in the ~/.ssh/authorized_keys file for any user who needs access.
You should use sftp instead of scp for security purposes.
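The first answer's advice, public key into authorized_keys and sftp-only access for that user, as an added shell example. This is not code from the answers or from OpenSSH: it assumes OpenSSH 7.2 or newer (for the `restrict` authorized_keys option and `internal-sftp`), and the user name, key file and chroot directory are placeholders. It also does the check the asker needs, refusing a file that is actually a private key.

```shell
#!/bin/sh
# Added example, not from the original answers. Installs a user's PUBLIC key
# into ~/.ssh/authorized_keys and emits an sshd_config Match block that
# confines that user to chrooted SFTP. Assumes OpenSSH >= 7.2; user names and
# paths are placeholders.
set -eu

# Accept exactly one OpenSSH public-key line; refuse anything that looks like
# a private key, which is what the asker was handed.
validate_pubkey_file() {
    f="$1"
    if grep -q -- '-----BEGIN' "$f"; then
        echo "refusing $f: this is a PRIVATE key, ask for the .pub file instead" >&2
        return 1
    fi
    # first line: <type> <base64 blob> [comment]
    read -r ktype kblob kcomment < "$f" || true
    case "${ktype:-}" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) echo "refusing $f: unknown key type '${ktype:-}'" >&2; return 1 ;;
    esac
    case "${kblob:-}" in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing $f: key blob is not base64" >&2; return 1 ;;
    esac
}

# Append the key to the target user's authorized_keys with the permissions
# sshd's StrictModes requires (0700 on ~/.ssh, 0600 on the file). The "restrict"
# option turns off pty, agent/port/X11 forwarding for this key regardless of
# the global config.
install_authorized_key() {
    home_dir="$1"; pub="$2"
    validate_pubkey_file "$pub" || return 1
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"
    printf 'restrict %s\n' "$(head -n 1 "$pub")" >> "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"
}

# sshd_config Match block for an sftp-only, chrooted user. sshd requires the
# ChrootDirectory itself to be owned by root and not group/world writable;
# give the user a writable subdirectory (e.g. $chroot_dir/upload) beneath it.
# authorized_keys is still read from the user's real home, before the chroot.
sftp_match_block() {
    user="$1"; chroot_dir="$2"
    cat <<EOF
Match User $user
    ChrootDirectory $chroot_dir
    ForceCommand internal-sftp
    PasswordAuthentication no
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# Typical use on the instance, as root, with placeholder names:
#   useradd -m -s /usr/sbin/nologin alice
#   install_authorized_key /home/alice /tmp/alice.pub
#   sftp_match_block alice /srv/sftp/alice >> /etc/ssh/sshd_config
#   sshd -t && systemctl reload sshd
```

Run `sshd -t` before reloading: a Match block placed above global directives, or a chroot directory with the wrong ownership, will lock the user out (or everyone, if the config fails to parse) rather than fail loudly.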

Related

Disallow ec2 ssh key-pair login but allow a special ssh key to login

I have a use case where my product image only allows a specific ssh keypair (not distributed to customers; only the support team has the keypair) to ssh to a VM.
The AMI image is built by Packer. Is it possible to ignore the ssh keypair specified on the EC2 creation page but only allow a specific ssh keypair to log in?
The reason is that we don't want users to log in to the VM and change the configuration; only the support team can ssh into the VM during troubleshooting.
Set ssh_redirect_user to true in cloud-init and build in your authorized key. This should disable the loading of authorized keys from EC2 metadata.
See https://cloudinit.readthedocs.io/en/latest/topics/modules.html#users-and-groups
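The cloud-init setting the answer names, baked into the image by a Packer shell provisioner. This is an added example, not the answer's, Packer's or cloud-init's own code: the user names, the support key line and the drop-in path are placeholders, and it assumes, as the answer does, that marking the distro's default user with ssh_redirect_user is what keeps the launch-page key pair from being usable. It only governs what cloud-init does at boot; whoever controls the AWS account can still pass their own #cloud-config user-data, or stop the instance and attach its root volume elsewhere as later answers on this page describe, so it is not a boundary against the account owner.

```shell
#!/bin/sh
# Added example (not from the original answer): Packer shell provisioner that
# writes a cloud-init drop-in into the AMI. The distro default user (ec2-user,
# ubuntu, ...) is marked ssh_redirect_user, so the key pair picked on the EC2
# launch page is installed in a disabled state; a separate "support" user
# carries the vendor's key. All names and the key line are placeholders.
set -eu

# $1 = drop-in path, $2 = support team's public key line, $3 = distro default user.
write_support_only_cloud_cfg() {
    dest="$1"; support_key="$2"; default_user="$3"
    mkdir -p "$(dirname "$dest")"
    cat > "$dest" <<EOF
#cloud-config
# Keys from EC2 instance metadata are NOT installed for $default_user; an ssh
# login as that user gets cloud-init's redirect message instead.
# (ssh_redirect_user cannot be combined with ssh_authorized_keys on the same user.)
ssh_pwauth: false
users:
  - name: $default_user
    ssh_redirect_user: true
  - name: support
    shell: /bin/bash
    lock_passwd: true
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - $support_key
EOF
    chmod 644 "$dest"
}

# In the Packer build this runs as a shell provisioner on the build instance:
#   write_support_only_cloud_cfg /etc/cloud/cloud.cfg.d/99-support-only.cfg \
#       "$(cat /tmp/support.pub)" ec2-user
# On a test launch of the resulting AMI, "ssh ec2-user@<ip>" with the launch
# key pair should be refused while "ssh -i support_key support@<ip>" works.
```

Keep the support private key off the AMI entirely; only the public key line goes into the image.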

Accidentally Deleted Local Key Pair

I am running an AWS EC2 VM for a school project. I accidentally deleted the local key pair on my computer, then emptied the recycle bin on my Mac. I don't see a way to redownload the key pair.
There are important things running on the VM that I need.
Is it possible to redownload the local key pair?
I can't even seem to regenerate a new key pair for that instance.
There are two ways to recover the access.
AWS Systems Manager (SSM) automation
To recover access to your Linux instance using AWS Systems Manager (SSM) automation, run the AWSSupport-ResetAccess Automation document. For more information, see Reset Passwords and SSH Keys on Amazon EC2 Instances.
Manually recover access
To manually recover access to your Linux instance, create a new key pair to replace the lost key pair. For more information, see Connecting to Your Linux Instance If You Lose Your Private Key.

Unreachable Amazon EC2 Instance

I have a running amazon-ec2 instance that contains a personal wiki. It has been running fine for years, and today suddenly I'm unable to log on using the private key .ppk file with either PuTTY or WinSCP! (An hour ago I still could!)
I was panicking and rebooted the Amazon EC2 instance. (I didn't stop and start the instance; I chose reboot.)
My question is, is my data lost? And if not, how can I recover it? I can't ssh to the machine and it seems my .pem file or .ppk file, which I generated a long time back, doesn't work anymore.
Your help is much appreciated; it would save me a lot of hard work! Thanks!
You can try starting another EC2 instance and attaching the EBS volume (of the instance you care about) to it. Then all you have to do is mount it, and your data should be intact.
You'll have to turn off the original instance first to do that. Also, this presumes you don't have the drive encrypted.
Your data will be lost only if you used instance store. If you used EBS, your data is intact.
If you can't SSH to your server, use AWS Systems Manager to shell into your instance and debug the SSH connection: check whether sshd is up, the .ssh/authorized_keys file contents and permissions, etc.

AWS EC2 Instance Hacked

One of my EC2 instances was hacked a few days ago.
I tried logging in via SSH to the server, but I couldn't connect. I am the only one with access to the private key, and I keep it in a safe place.
Luckily, I had a backup of everything and was able to move the web app to a new instance quite fast.
My concern right now is that I don't know how my instance was hacked in the first place.
Why can't I log in via SSH using my private key? I would assume that the public key stored on the server can't be (easily) deleted.
Is there a way I can find out how the hacker gained access to the instance? Perhaps a log file that would point me in the right direction.
Should I attach the EBS volume in question to a new instance and see what's on it, or what are my options in this case?
Right now, it seems I have no access at all to the hacked instance.
Thank you!
@Krishna Kumar R is correct about the hacker probably changing the ssh keys.
Next steps:
Security concerns (do these now!):
Stop the instance, but don't terminate it yet.
Revoke/expire any sensitive credentials that were stored on the instance, including passwords and keys for other sites and services. Everything stored on that instance should be considered compromised.
Post-mortem:
Take an EBS snapshot of the instance's root volume (assuming that's where the logs are stored).
Make a new volume from the snapshot and attach it to a (non-production) instance.
Mount it and start reading logs. If this is a Linux host and you have port 22 open in the firewall, I'd start with /<mount-point>/var/log/auth.log.
They might have logged into your machine via password. In the ssh config, check the value of PasswordAuthentication. If it is set to yes, then users can log in to the instance remotely via password. Check /var/log/secure for any remote logins. It will show all logins (password or key based).
If someone logged in as 'root', they can modify the ssh keys.
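A first pass over the rescued log the two answers above point at, as an added shell example (not the answers' own code): it pulls successful logins, password-guessing sources and root-shell sudo entries out of /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/Amazon Linux), and reads the effective PasswordAuthentication value from the mounted sshd_config. The log format is OpenSSH's standard syslog output; the log lines used to exercise it are constructed, and the mount point is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original answers. First-pass triage of the
# sshd/sudo entries in a rescued auth.log or secure log, plus the
# PasswordAuthentication check from the second answer. Sample inputs used
# with it are constructed for illustration; /mnt/rescue is a placeholder.
set -eu

# Successful logins: prints "<method> <user> <source-ip>" per line. The field
# walk is anchored on the word "Accepted" so both classic and ISO timestamps work.
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
             for (i = 1; i <= NF; i++)
                 if ($i == "Accepted") { print $(i+1), $(i+3), $(i+5); break }
         }' "$1"
}

# Failed password attempts per source, most active first: a long run of
# guesses followed by an "Accepted password" from the same address is the
# classic brute-force signature.
failed_password_sources() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Effective global PasswordAuthentication value. OpenSSH defaults to "yes" when
# the directive is absent; values inside Match blocks are ignored here, and
# newer distros also pull in /etc/ssh/sshd_config.d/*.conf, so check those too.
password_auth_enabled() {
    awk 'tolower($1) == "match" { inmatch = 1 }
         !inmatch && tolower($1) == "passwordauthentication" { v = tolower($2) }
         END { print (v == "" ? "yes" : v) }' "$1"
}

# Everything at once, against a rescued root filesystem mounted at $1.
triage_mounted_root() {
    root="$1"
    log="$root/var/log/auth.log"
    [ -f "$log" ] || log="$root/var/log/secure"
    echo "== PasswordAuthentication: $(password_auth_enabled "$root/etc/ssh/sshd_config")"
    echo "== accepted logins (method user source)"; accepted_logins "$log"
    echo "== failed password attempts per source"; failed_password_sources "$log"
    echo "== sudo to a root shell"
    grep -E 'sudo:.*COMMAND=(/usr)?/bin/(ba)?sh' "$log" || echo "(none)"
}

# Usage on the rescue instance:  triage_mounted_root /mnt/rescue
```

Rotated copies (auth.log.1, secure-20240303, *.gz) hold the earlier history; an attacker who cleared the live file usually leaves those alone, so run the same functions over them too.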
The fact that you are unable to log in to the machine does not mean that it has been "hacked". It could be due to a configuration change on the instance, or the instance might have changed IP address after a stop/start.
Do a search on StackOverflow for standard solutions to problems connecting to an instance and see if you can connect (e.g. recheck the IP address, check the security group, turn on ssh -v debugging, check network connectivity and VPC settings, view Get System Log, etc.).
Worst case, yes, you could:
Stop the instance
Detach the EBS volume
Attach the EBS volume to another EC2 instance
Access the content of the EBS volume
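The "manually recover access" route from the lost-key question and the stop/detach/attach steps in the answer just above are one procedure; here it is as an added shell example, not code from any of the answers or from AWS. It assumes the AWS CLI is configured for the account and that the instance is EBS-backed (an earlier answer on this page already notes instance-store data is gone). Instance IDs, the rescue device name and the mount point are placeholders; the device the rescue host actually sees depends on its instance type, so check lsblk before mounting.

```shell
#!/bin/sh
# Added example, not from the original answers. Moves a stuck instance's root
# volume to a rescue instance, mounts it read-only for log reading, and
# appends a fresh public key for the lost-key case. AWS CLI calls need real
# credentials and IDs; i-broken, i-rescue, /dev/nvme1n1p1 and /mnt/rescue are
# placeholders (Nitro instances expose the attached volume as /dev/nvme*,
# older types as /dev/xvdf).
set -eu

# --- control plane: run from your workstation with the AWS CLI configured ---

# Root EBS volume ID of an instance (root device is /dev/xvda or /dev/sda1).
root_volume_id() {
    aws ec2 describe-volumes \
        --filters "Name=attachment.instance-id,Values=$1" \
                  "Name=attachment.device,Values=/dev/xvda,/dev/sda1" \
        --query 'Volumes[0].VolumeId' --output text
}

# Stop the broken instance (required before detaching its root volume), snapshot
# the volume so an untouched copy exists, then move the volume to the rescue host.
move_root_volume_to_rescue() {
    broken="$1"; rescue="$2"
    vol=$(root_volume_id "$broken")
    aws ec2 stop-instances --instance-ids "$broken" >/dev/null
    aws ec2 wait instance-stopped --instance-ids "$broken"
    aws ec2 create-snapshot --volume-id "$vol" --description "pre-recovery $broken" >/dev/null
    aws ec2 detach-volume --volume-id "$vol" >/dev/null
    aws ec2 wait volume-available --volume-ids "$vol"
    aws ec2 attach-volume --volume-id "$vol" --instance-id "$rescue" --device /dev/sdf >/dev/null
    aws ec2 wait volume-in-use --volume-ids "$vol"
    echo "$vol"
}

# --- data plane: run as root ON THE RESCUE INSTANCE once the volume shows up ---

# Mount read-only first. "nouuid" is needed for XFS roots (Amazon Linux) whose
# UUID collides with the rescue host's own root; ext4 rejects it, hence the fallback.
mount_rescued_root() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -o ro,nouuid "$dev" "$mnt" 2>/dev/null || mount -o ro "$dev" "$mnt"
}

# Append a public key to a user's authorized_keys on the MOUNTED root. The
# uid/gid must come from the rescued system's /etc/passwd, not the rescue
# host's, or sshd on the repaired instance will reject the file under StrictModes.
inject_pubkey() {
    mnt="$1"; user="$2"; pub="$3"
    entry=$(grep "^$user:" "$mnt/etc/passwd") || { echo "no user $user in $mnt/etc/passwd" >&2; return 1; }
    uid=$(printf '%s' "$entry" | cut -d: -f3)
    gid=$(printf '%s' "$entry" | cut -d: -f4)
    home=$(printf '%s' "$entry" | cut -d: -f6)
    sshdir="$mnt$home/.ssh"
    mkdir -p "$sshdir"
    cat "$pub" >> "$sshdir/authorized_keys"
    chmod 700 "$sshdir"
    chmod 600 "$sshdir/authorized_keys"
    chown -R "$uid:$gid" "$sshdir"
}

# Workstation:  VOL=$(move_root_volume_to_rescue i-broken i-rescue)
# Rescue host:  mount_rescued_root /dev/nvme1n1p1 /mnt/rescue
#               less /mnt/rescue/var/log/auth.log        # or var/log/secure
#               mount -o remount,rw /mnt/rescue
#               inject_pubkey /mnt/rescue ec2-user /tmp/new.pub
#               umount /mnt/rescue
# Then detach from i-rescue, attach back to i-broken with the device name it
# originally had (/dev/xvda or /dev/sda1), and start i-broken.
```

For the hacked-instance case, stop after the read-only mount: work from the snapshot-derived volume, not the original, and do not write a key into it.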

How to setup Github SSH key on second computer

I've got a GitHub account set up on one computer. I would like to also access my GitHub account on a second machine using the same SSH key I used for the first computer. How do I import the SSH private key into the new computer's user profile?
cp ~/other_comp_github_key ~/.ssh/github
The above command did not do the job in the Git Bash console on Windows.
Argh! No!
Do. Not. Share. Private. Keys.
Make a new keypair on the second computer.
It'd be best to create a new private key if GitHub allows you to have several associated with your account. (Sharing private keys among machines is very much like sharing passwords on multiple accounts.) But not all services allow multiple keys, so...
You don't specify that you copied the private portion of the key; make sure you copy the private portion.
You don't specify that you configured the ~/.ssh/config block to use the ~/.ssh/github key for the github.com host. Make sure you add a new block to your ~/.ssh/config file just like the block on the machine you stole the key from.
Host github.com
    IdentityFile ~/.ssh/github
(I don't know that the host is github.com -- if you use a different hostname, then use that.)
The copying of the private key will work iff the permissions on the copied ssh files are correct, i.e. readable for the user who uses the keys; something like 555 will do. Also, since GitHub allows multiple ssh keys to be used with the same account, you can create a new keypair and add it to your account.
I had the same issue; simply create a new SSH key on the other computer, since it's not advisable to share the same SSH keys across different computers.
Follow this set of instructions on GitHub; I found them pretty direct and easy to follow.
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
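The per-machine setup the answers recommend, as an added shell example rather than code from the answers or from GitHub: a new key generated on the second computer, a ~/.ssh/config block that pins it to github.com, and a permission audit. The audit exists because ssh rejects a private key readable by anyone else, so a mode such as 555 does not work; the key must be 0600 or 0400 and ~/.ssh 0700. The key file name and paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the original answers. Per-machine GitHub SSH setup:
# generate a key here instead of copying one, pin it to github.com in
# ~/.ssh/config, and check the permissions ssh insists on. Paths are placeholders.
set -eu

# New Ed25519 key for this machine. The comment names the machine so exactly
# this key can later be removed from GitHub's settings. ssh-keygen prompts for
# a passphrase; give it one on a laptop.
new_github_key() {
    keyfile="$1"; comment="$2"
    ssh-keygen -t ed25519 -f "$keyfile" -C "$comment"
    echo "Add the contents of $keyfile.pub under GitHub > Settings > SSH and GPG keys"
}

# Host block that makes ssh offer only this key to github.com. IdentitiesOnly
# stops the agent from trying every other loaded key first, which is what
# produces "Too many authentication failures" on machines with several keys.
add_github_host_block() {
    cfg="$1"; keyfile="$2"
    if grep -qi '^Host github.com$' "$cfg" 2>/dev/null; then
        echo "$cfg already has a github.com block, not touching it" >&2
        return 1
    fi
    printf '\nHost github.com\n    User git\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$keyfile" >> "$cfg"
    chmod 600 "$cfg"
}

# ssh ignores a private key that is group- or world-readable ("UNPROTECTED
# PRIVATE KEY FILE!"), so check 0700 on the directory and 0600/0400 on every
# file that holds a private key. Public keys and known_hosts may stay 0644.
audit_ssh_perms() {
    sshdir="$1"; status=0
    [ "$(ls -ld "$sshdir" | cut -c1-10)" = "drwx------" ] || { echo "$sshdir should be 0700" >&2; status=1; }
    for f in "$sshdir"/*; do
        [ -f "$f" ] && head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || continue
        mode=$(ls -l "$f" | cut -c1-10)
        case "$mode" in
            -rw-------|-r--------) ;;
            *) echo "$f should be 0600, is $mode" >&2; status=1 ;;
        esac
    done
    return $status
}

# Usage on the second computer:
#   new_github_key ~/.ssh/github "$(whoami)@second-pc"
#   add_github_host_block ~/.ssh/config ~/.ssh/github
#   audit_ssh_perms ~/.ssh && ssh -T git@github.com
```

`ssh -T git@github.com` is the end-to-end check; with `IdentitiesOnly yes` it also confirms the config block is being picked up rather than a key the agent happened to have loaded.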
