• Skip to main content
  • Skip to primary sidebar

Technical Notes Of
Ehi Kioya

Technical Notes Of Ehi Kioya

  • Forums
  • About
  • Contact
MENUMENU
  • Blog Home
  • AWS, Azure, Cloud
  • Backend (Server-Side)
  • Frontend (Client-Side)
  • SharePoint
  • Tools & Resources
    • CM/IN Ruler
    • URL Decoder
    • Text Hasher
    • Word Count
    • IP Lookup
  • Linux & Servers
  • Zero Code Tech
  • WordPress
  • Musings
  • More
    Categories
    • Cloud
    • Server-Side
    • Front-End
    • SharePoint
    • Tools
    • Linux
    • Zero Code
    • WordPress
    • Musings
Home » AWS, Azure, Cloud » Locked Out Of Your AWS EC2 Instance? Here’s How To Regain Access

Locked Out Of Your AWS EC2 Instance? Here’s How To Regain Access

By Ehi Kioya Leave a Comment

I remember having to terminate an entire Amazon EC2 instance because I somehow lost access to it via SSH. Well, looking back, termination really wasn’t necessary. Using the simple process described below, you can easily regain access to the AWS EC2 instance that you locked yourself out of.

These instructions were originally written for Ubuntu. But the same basic concepts should apply to any Linux distro.

Steps To Regain Access

Step 1: Take a snapshot of the root EBS volume associated with your EC2 instance.
NOTE: If you need to maintain 100% uptime, you can go ahead and launch a new EC2 instance using the snapshot you just created. Then you will need to associate the new instance with your current Elastic IP address. That way, your server will continue running while you troubleshoot and fix your access issue on the original volume.

Step 2: Boot up another EC2 instance.

Step 3: Detach the EBS volume from the instance you got locked out of and attach it to the instance you created in Step #2 above.
NOTE: Depending on whether you attached the volume while the instance was already running or not, Linux may boot up using the “corrupt” attached volume and you will still be locked out. So it may be necessary to only attach the volume to the new instance AFTER the new instance is already running.

Step 4: Run lsblk. You should see the default 8GB volume and the second volume you just attached. Note the name of the second volume.

Step 5: Make a temporary directory on root that will act as our mount point. We’ll name this directory “recovery”. You could also use the default /mnt directory.

sudo mkdir recovery

Step 6: Mount your attached volume (the one you got locked out of) using the name of the volume as noted in Step #4 above (this name will of course depend on the path you chose when you attached the volume to the instance in Step #3. You may also have used the default value suggested by AWS). So for example, if you attached your volume to /dev/sdf, it will show up in Linux as /dev/xvdf. Let’s assume that we’re working with /dev/xvdf. Run the following command to perform the mount:

sudo mount /dev/xvdf1 /recovery

Step 7: Now you can just…

cd /recovery/home

and fix your login issue.
If you lost your access key, edit this file “/recovery/home/ubuntu/.ssh/authorized_keys”. You can copy the private key from the new Ubuntu instance that you know you have access to. Worst case, you can even copy the .ssh or the entire “/home/ubuntu” folder from the new instance to the volume you got locked out of.

Step 8: If you’re working with passwords instead of keys, instead of Step #7 above, just chroot into your new mount (sudo chroot /recovery) and type passwd. Then reset the password or make any other changes you like (for example, changes within the “/etc/ssh/sshd_config” file).
Press control-D or type exit to exit the chroot.

Step 9: Unmount the volume:

sudo umount /recovery

Step 10: Stop the instance and detach the now fixed EBS volume.

Step 11: Re-attach the fixed EBS volume to your original Amazon EC2 instance (re-attach it to your boot device /dev/sda1). Boot up and confirm that you now have access.

Step 12: After confirming that the login access issue has been fixed, cleanup all unused artifacts – EC2 instances, EBS volumes, and/or any snapshots you no longer need.

As a general rule, always grab an EBS volume snapshot before making configuration changes. This will save you from risky lockout situations going forward.

Found this article valuable? Want to show your appreciation? Here are some options:

  1. Spread the word! Use these buttons to share this link on your favorite social media sites.
  2. Help me share this on . . .

    • Facebook
    • Twitter
    • LinkedIn
    • Reddit
    • Tumblr
    • Pinterest
    • Pocket
    • Telegram
    • WhatsApp
    • Skype
  3. Sign up to join my audience and receive email notifications when I publish new content.
  4. Contribute by adding a comment using the comments section below.
  5. Follow me on Twitter, LinkedIn, and Facebook.

Related

Filed Under: AWS, Azure, Cloud, Cloud Computing, Linux & Servers Tagged With: Amazon EC2, AWS, Cloud Computing

About Ehi Kioya

I am a Toronto-based Software Engineer. I run this website as part hobby and part business.

To share your thoughts or get help with any of my posts, please drop a comment at the appropriate link.

You can contact me using the form on this page. I'm also on Twitter, LinkedIn, and Facebook.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

26,182
Followers
Follow
30,000
Connections
Connect
14,641
Page Fans
Like

POPULAR   FORUM   TOPICS

  • How to find the title of a song without knowing the lyrics
  • The Art of Exploratory Data Analysis (Part 1)
  • Welcome Message
  • How To Change Or Remove The WordPress Login Error Message
  • Getting Started with SQL: A Beginners Guide to Databases
  • Replacing The Default SQLite Database With PostgreSQL In Django
  • Tips To Speed Up Your Website
  • How To Convert M4A Files To MP3
  • Feature Selection – A Critical Step in Machine Learning
  • Web Scraping of HTML Tables Using R
  • Recently   Popular   Posts   &   Pages
  • Actual Size Online Ruler Actual Size Online Ruler
    I created this page to measure your screen resolution and produce an online ruler of actual size. It's powered with JavaScript and HTML5.
  • Allowing Multiple RDP Sessions In Windows 10 Using The RDP Wrapper Library Allowing Multiple RDP Sessions In Windows 10 Using The RDP Wrapper Library
    This article explains how to bypass the single user remote desktop connection restriction on Windows 10 by using the RDP wrapper library.
  • WordPress Password Hash Generator WordPress Password Hash Generator
    With this WordPress Password Hash Generator, you can convert a password to its hash, and then set a new password directly in the database.
  • Forums
  • About
  • Contact

© 2021   ·   Ehi Kioya   ·   All Rights Reserved
Privacy Policy