Recover Lost Key Pair of Alibaba Cloud ECS Linux Instance - alibaba-cloud

What will happen if you lose the SSH key pair of a Linux instance? Should you be able to get it back by contacting Alibaba Cloud support?

The best way would be to reset the password and connect. Once you are in as root, you should be able to create a snapshot and restore it to a new instance.
You will find "Reset Password" under Console > Instance > Instance Details > More > Reset Password.

The Alibaba Cloud CLI supports replacing an ECS instance key pair.
Step 1: Go to the Alibaba Console and look up the instance ID for your instance.
Step 2: Generate a new key pair:
aliyuncli ecs CreateKeyPair --RegionId us-west-1 --KeyPairName mykeypair
Step 3: Attach the key pair using the CLI:
aliyuncli ecs AttachKeyPair --RegionId us-west-1 --KeyPairName mykeypair --InstanceIds "[\"i-abcdeftvgllm854abcde\"]"
Step 4: Reboot the instance:
aliyuncli ecs RebootInstance --InstanceId i-abcdeftvgllm854abcde
I wrote an article for Alibaba on exactly this topic:
https://www.neoprime.io/info/alibaba/devops/day_02.php

The answer is no.
In such a case, you have to create an ECS instance for this purpose.
Steps to recover the SSH key pair:
Create a new instance in any Region/Zone.
Stop the old instance, detach its root EBS volume and attach it to the new instance as a secondary volume.
Then log in to the new instance, switch to root and create a mount point.
For example:
lsblk
mkdir /mnt/recovery
lsblk
mount /dev/xvdf1 /mnt/recovery    # here /dev/xvdf1 is the secondary disk
Now append to the .ssh authorized_keys file:
cat /home/ubuntu/.ssh/authorized_keys >> /mnt/recovery/home/ubuntu/.ssh/authorized_keys
This updates the volume of the old instance (i.e., currently the secondary disk) with the new instance's SSH key file.
Now unmount the secondary disk:
umount /mnt/recovery/
Stop the new instance.
Detach the secondary volume from the new instance and then attach it back to the old instance as the root volume /dev/xvda.
Start the old instance and log in with the new SSH key pair:
ssh -i new-keypair.pem ubuntu@192.168.0.10
Done!
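The mount-and-append step in the answer above, as an added example that is not part of the original answer: a POSIX shell function that adds a public key to the authorized_keys of a user whose root filesystem is mounted offline (the answer's /mnt/recovery), appending instead of overwriting, skipping keys that are already present, refusing a private-key file by mistake, and setting the mode and ownership that sshd's StrictModes check requires. The $ROOT/home/$USER layout, the key file name and the sample key are assumptions.

```shell
#!/bin/sh
# Add a public key to a user's authorized_keys on an OFFLINE root filesystem
# mounted at $1 (e.g. /mnt/recovery). Prints the number of keys added.
# Assumption (not from the original answer): the user's home is $ROOT/home/$USER
# and the key file is in OpenSSH one-line public-key format.
add_key_to_mounted_root() {
    root=$1; user=$2; pubkey_file=$3
    home="$root/home/$user"
    sshdir="$home/.ssh"
    auth="$sshdir/authorized_keys"

    [ -d "$home" ] || { echo "no home directory for $user under $root" >&2; return 1; }
    # Never copy a private key onto the server by accident.
    grep -q 'PRIVATE KEY' "$pubkey_file" && { echo "refusing: $pubkey_file looks like a private key" >&2; return 1; }

    mkdir -p "$sshdir"
    touch "$auth"
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ""|"#"*) continue ;; esac
        # Append (>>) only if this exact line is not already present, so keys that
        # were already authorized survive the recovery.
        if ! grep -qxF -- "$line" "$auth"; then
            printf '%s\n' "$line" >> "$auth"
            added=$((added + 1))
        fi
    done < "$pubkey_file"

    # sshd with StrictModes (the default) ignores an authorized_keys file that is
    # group/world writable or owned by someone else, so match the home directory's owner.
    chmod 700 "$sshdir"
    chmod 600 "$auth"
    if owner=$(stat -c '%u:%g' "$home" 2>/dev/null); then
        chown "$owner" "$sshdir" "$auth" 2>/dev/null || true
    fi
    echo "$added"
}

# Usage on the recovery instance (paths assumed):
#   add_key_to_mounted_root /mnt/recovery ubuntu /home/ubuntu/.ssh/new-keypair.pub
```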

Not sure if Alibaba Cloud Support can help you with recovering a lost SSH key pair. My best advice is to reset the instance password: https://www.alibabacloud.com/help/doc-detail/25439.htm
You can also contact the support team if you wish and see what help they can offer.

Related

how to export key pair to ssh EC2 from another system

My friend and I are working on AWS EC2 for the first time and are using the free tier plan for the first year.
Both of us have Macs, and my friend has created the EC2 instance and key pair.
My question is how I can export that key pair to my local machine, as I need to SSH to the EC2 instance.
Or do I need to create a new key pair?

Accidentally Deleted Local Key Pair

I am running an AWS EC2 VM for a school project. I accidentally deleted the local key pair on my computer and then emptied the recycle bin on my Mac. I don't see a way to re-download the key pair.
There are important things running on the VM that I need.
Is it possible to re-download the local key pair?
I can't even seem to regenerate a new key pair for that instance.
There are two ways to recover access.
AWS Systems Manager (SSM) automation
To recover access to your Linux instance using AWS Systems Manager (SSM) automation, run the AWSSupport-ResetAccess Automation document. For more information, see Reset Passwords and SSH Keys on Amazon EC2 Instances.
Manually recover access
To manually recover access to your Linux instance, create a new key pair to replace the lost key pair. For more information, see Connecting to Your Linux Instance If You Lose Your Private Key.

AWS EC2 Instance Hacked

One of my EC2 instances was hacked a few days ago.
I tried logging in via SSH to the server, but I couldn't connect. I am the only one with access to the private key, and I keep it in a safe place.
Luckily, I had a backup of everything and was able to move the web app to a new instance quite fast.
My concern right now is that I don't know how my instance was hacked in the first place.
Why can't I log in via SSH using my private key? I would assume that the private key stored on the server can't be (easily) deleted.
Is there a way I can find out how the hacker gained access to the instance? Perhaps a log file that would point me in the right direction.
Should I attach the EBS volume in question to a new instance and see what's on it or what are my options in this case?
Right now, it seems I have no access at all to the hacked instance.
Thank you!
@Krishna Kumar R is correct about the hacker probably changing the SSH keys.
Next steps:
Security concerns (do these now!):
Stop the instance, but don't terminate yet
Revoke/expire any sensitive credentials that were stored on the instance, including passwords and keys for other sites and services. Everything stored on that instance should be considered compromised.
Post-mortem
Take an EBS snapshot of the instance's root volume (assuming that's where logs are stored)
Make a new volume from the snapshot and attach to a (non-production) instance
Mount and start reading logs. If this is a Linux host and you have port 22 open in the firewall, I'd start with /<mount-point>/var/log/auth.log
They might have logged into your machine via password. In the ssh config, check the value of PasswordAuthentication. If it is set to yes, then users can log in to the instance remotely via password. Check /var/log/secure for any remote logins. It will show all logins (password or key based).
If someone logged in as 'root', they can modify the ssh keys.
The fact that you are unable to login to the machine does not mean that it has been "hacked". It could be due to a configuration change on the instance, or the instance might have changed IP address after a stop/start.
Do a search on StackOverflow for standard solutions to problems connecting to an instance and see if you can connect (e.g. recheck the IP address, check the security group, turn on ssh -v debugging, check network connectivity and VPC settings, view Get System Log, etc.).
Worst case, yes, you could:
Stop the instance
Detach the EBS volume
Attach the EBS volume to another EC2 instance
Access the content of the EBS volume
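The log review in the post-mortem steps above, as an added example that is not from the original answers: a shell/awk function that summarizes sshd "Accepted" and "Failed password" lines from an offline-mounted /var/log/auth.log or /var/log/secure, flagging password-based logins, root logins, and accepted logins from addresses that had earlier failures. The log lines are constructed samples; the host name, users and IP addresses are invented.

```shell
#!/bin/sh
# Summarize sshd logins from a syslog-format auth log (auth.log or secure).
# Output, one line per (method, user, source IP): count plus any flags.
summarize_auth_log() {
    awk '
    # e.g. "... sshd[1021]: Accepted publickey for ubuntu from 203.0.113.5 port 50112 ssh2: ..."
    /sshd\[[0-9]+\]: Accepted / {
        method = $7; user = $9; ip = $11
        accepted[method " " user " " ip]++
    }
    # e.g. "... sshd[1099]: Failed password for root from 198.51.100.7 port 41022 ssh2"
    /sshd\[[0-9]+\]: Failed password / { failed[$11]++ }
    END {
        for (k in accepted) {
            split(k, f, " ")
            flag = ""
            if (f[1] == "password") flag = flag " PASSWORD_AUTH"      # password login succeeded
            if (f[2] == "root")     flag = flag " ROOT_LOGIN"         # direct root login
            if (f[3] in failed)     flag = flag " AFTER_" failed[f[3]] "_FAILURES"  # guessing, then success
            print k, accepted[k] flag
        }
    }' "$1" | sort
}

# Constructed sample lines (invented host, users and IPs) for trying the function offline.
write_sample_auth_log() {
    printf '%s\n' \
      'Mar  3 02:14:07 web1 sshd[1021]: Accepted publickey for ubuntu from 203.0.113.5 port 50112 ssh2: ED25519 SHA256:examplefingerprint' \
      'Mar  3 02:20:41 web1 sshd[1099]: Failed password for root from 198.51.100.7 port 41022 ssh2' \
      'Mar  3 02:20:43 web1 sshd[1099]: Failed password for root from 198.51.100.7 port 41022 ssh2' \
      'Mar  3 02:20:50 web1 sshd[1105]: Accepted password for root from 198.51.100.7 port 41040 ssh2' \
      'Mar  3 02:21:02 web1 sshd[1105]: pam_unix(sshd:session): session opened for user root by (uid=0)' \
      > "$1"
}

# Usage on a volume mounted for analysis (mount point assumed):
#   summarize_auth_log /mnt/forensics/var/log/auth.log
```

A line such as "password root 198.51.100.7 1 PASSWORD_AUTH ROOT_LOGIN AFTER_2_FAILURES" is the pattern worth chasing first in the sample.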

EC2 AMI instances shared password management

My goal is to launch 200 instances of a Windows node from the same AMI in AWS. These nodes come up and connect to my head node. Now, every launch of a new node creates a new password for that node. This is hard to manage, especially if I want to do group remote maintenance.
I was thinking, maybe I can make all instances of a specific AMI have the same password, but how do I do that? Should I modify the sysprep config file C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml, or should I disable both "set password" options in the EC2Config tool and then create an AMI?
If the config file, what exactly should I put in the sysprep2008.xml file?

automatically start apache on instance launch - aws autoscaling

I have an ec2 instance serving a webpage with apache. I created an autoscaling group using an AMI of this instance in the launch config. Once CPU went over 80% and the autoscale policy ran, a new instance was created. But the CPU of my original instance continued to rise and the CPU of my new instance remained at 0%.
The new instance was not serving the web page. I am guessing this is because apache was not started with the launch of the image. I tried to ssh into the new instance to run "service httpd start" but I got the following error:
ssh: Could not resolve hostname http://ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com:
nodename nor servname provided, or not known
Why could I not ssh in? How do I configure autoscaling to automatically start apache on launch?
It would appear that you are attempting to ssh to a host with http:// in the hostname. Remove that and ssh should work.
Assuming that you created an AMI to use in AutoScaling, you would need to ensure that you run chkconfig httpd on in the source instance before creating a new AMI for AutoScaling.
In order for you to connect to an EC2 instance you need two things:
The Security Group associated with your instance has an inbound rule that allows SSH communication.
Make sure you have the private key generated for the instance. Note: This is only needed if you chose to use a key in the first place.
If those two things are correct, then you can connect to your instance like this:
ssh -i "PATH_TO_YOUR_KEY.pem" ec2-user@ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com
For the other point, that is, to make sure you can start apache on launch, you can do two things:
As @atbell mentioned in a previous answer, you can make sure that chkconfig YOUR_SERVICE on has been run on the AMI used to start your instance.
You can add a command as user data to your LaunchConfiguration so it runs as soon as the instance is started:
What this will do is run service YOUR_SERVICE start as soon as the instance can respond to commands. So, whenever your AutoScaling group creates another instance, your service will surely be started. Note that the commands added to the user data field of the LaunchConfiguration are, by default, executed as sudo.