• Skip to main content
  • Skip to primary sidebar

Technical Notes Of
Ehi Kioya

Technical Notes Of Ehi Kioya

  • Blog
  • Shop
  • Forums
  • Subscribe
  • About
  • Contact
MENUMENU
  • Blog Home
  • AWS, Azure, Cloud
  • Backend (Server-Side)
  • Frontend (Client-Side)
  • SharePoint
  • Tools & Resources
    • CM/IN Ruler
    • URL Decoder
    • Text Hasher
  • Linux & Servers
  • Zero Code Tech
  • WordPress
  • Musings
  • More
    Categories
    • Cloud
    • Server-Side
    • Front-End
    • SharePoint
    • Tools
    • Linux
    • Zero Code
    • WordPress
    • Musings
Home » AWS, Azure, Cloud » Locked Out Of Your AWS EC2 Instance? Here’s How To Regain Access

Locked Out Of Your AWS EC2 Instance? Here’s How To Regain Access

July 17, 2018 by Ehi Kioya Leave a Comment

I remember having to terminate an entire Amazon EC2 instance because I somehow lost access to it via SSH. Well, looking back, termination really wasn’t necessary. Using the simple process described below, you can easily regain access to the AWS EC2 instance that you locked yourself out of.

These instructions were originally written for Ubuntu. But the same basic concepts should apply to any Linux distro.

Steps To Regain Access

Step 1: Take a snapshot of the root EBS volume associated with your EC2 instance.
NOTE: If you need to maintain 100% uptime, you can go ahead and launch a new EC2 instance using the snapshot you just created. Then you will need to associate the new instance with your current Elastic IP address. That way, your server will continue running while you troubleshoot and fix your access issue on the original volume.

Step 2: Boot up another EC2 instance.

Step 3: Detach the EBS volume from the instance you got locked out of and attach it to the instance you created in Step #2 above.
NOTE: Depending on whether you attached the volume while the instance was already running or not, Linux may boot up using the “corrupt” attached volume and you will still be locked out. So it may be necessary to only attach the volume to the new instance AFTER the new instance is already running.

Step 4: Run lsblk. You should see the default 8GB volume and the second volume you just attached. Note the name of the second volume.

Step 5: Make a temporary directory on root that will act as our mount point. We’ll name this directory “recovery”. You could also use the default /mnt directory.

sudo mkdir recovery

Step 6: Mount your attached volume (the one you got locked out of) using the name of the volume as noted in Step #4 above (this name will of course depend on the path you chose when you attached the volume to the instance in Step #3. You may also have used the default value suggested by AWS). So for example, if you attached your volume to /dev/sdf, it will show up in Linux as /dev/xvdf. Let’s assume that we’re working with /dev/xvdf. Run the following command to perform the mount:

sudo mount /dev/xvdf1 /recovery

Step 7: Now you can just…

cd /recovery/home

and fix your login issue.
If you lost your access key, edit this file “/recovery/home/ubuntu/.ssh/authorized_keys”. You can copy the private key from the new Ubuntu instance that you know you have access to. Worst case, you can even copy the .ssh or the entire “/home/ubuntu” folder from the new instance to the volume you got locked out of.

Step 8: If you’re working with passwords instead of keys, instead of Step #7 above, just chroot into your new mount (sudo chroot /recovery) and type passwd. Then reset the password or make any other changes you like (for example, changes within the “/etc/ssh/sshd_config” file).
Press control-D or type exit to exit the chroot.

Step 9: Unmount the volume:

sudo umount /recovery

Step 10: Stop the instance and detach the now fixed EBS volume.

Step 11: Re-attach the fixed EBS volume to your original Amazon EC2 instance (re-attach it to your boot device /dev/sda1). Boot up and confirm that you now have access.

Step 12: After confirming that the login access issue has been fixed, cleanup all unused artifacts – EC2 instances, EBS volumes, and/or any snapshots you no longer need.

As a general rule, always grab an EBS volume snapshot before making configuration changes. This will save you from risky lockout situations going forward.

Found this article valuable? Want to show your appreciation? Here are some options:

  1. Spread the word! Use these buttons to share this link on your favorite social media sites.
  2. Help me share this on . . .

    • Facebook
    • Twitter
    • LinkedIn
    • Reddit
    • Tumblr
    • Pinterest
    • Pocket
    • Telegram
    • WhatsApp
    • Skype
  3. Sign up to join my audience and receive email notifications when I publish new content.
  4. Contribute by adding a comment using the comments section below.
  5. Follow me on Twitter, LinkedIn, and Facebook.

Other Articles You May Like:

Filed Under: AWS, Azure, Cloud, Cloud Computing, Linux & Servers Tagged With: Amazon EC2, AWS, Cloud Computing

About Ehi Kioya

I am a Toronto-based Solutions Architect and Lead Software Developer of an outsourced team.

I run this technology blog, as well as this consumer products shop.

You can read more about me here, and connect with me via Twitter, LinkedIn, and Facebook.

If you want to collaborate or talk to me privately, send me an email using this form. But please note that I don't answer questions or provide support via email.

To share your thoughts or get help with any of my posts, drop a comment at the appropriate link.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

426,009
Followers
Follow
30,000
Connections
Connect
15,217
Page Fans
Like

FROM   THE   SHOP

  • Stay Wild Camping Mug

    Stay Wild Camping Mug
    Rate this product:

    Cheer up a loved one with this Stay Wild Camping Mug. Made from durable and lightweight material, the mug makes a great outdoor companion. Unlike regular ceramic mugs, this enamel mug cannot be broken since it’s made of metal.

    $12.99 (as of Dec 5, 2019 - 3:39 pm) Check it out
  • Recently   Popular   Posts   &   Pages
  • Allowing Multiple RDP Sessions In Windows 10 Using The RDP Wrapper Library Allowing Multiple RDP Sessions In Windows 10 Using The RDP Wrapper Library
    This article explains how to bypass the single user remote desktop connection restriction on Windows 10 by using the RDP wrapper library.
  • Actual Size Online Ruler Actual Size Online Ruler
    I created this page to measure your screen resolution and produce an online ruler of actual size. It's powered with JavaScript and HTML5.
  • Get XML Document Nodes Recursively with C# Get XML Document Nodes Recursively with C#
    Here are two methods to get XML document nodes, child nodes and so on. The first method uses DOM. The second method uses LINQ to XML.
  • WordPress Password Hash Generator WordPress Password Hash Generator
    With this WordPress Password Hash Generator, you can convert a password to its hash, and then set a new password directly in the database.
  • How To Shrink Amazon EBS Volumes (Root Or Non-Root) How To Shrink Amazon EBS Volumes (Root Or Non-Root)
    In this article, I describe a technique to shrink Amazon EBS volumes. This is very useful if you ever mistakenly over-allocate your EBS.

FROM   BLOG   READERS…

  • GSLB.me on Round Robin DNS: How to Assign Multiple IP Addresses to One DomainPlain dns-based round robin is by definition unaware of whether target hosts are available or not, and this limits real-world applicability of such a…
  • Hafiz Aziz on Setting Up A SharePoint Development MachineThanks Ehi. Your posts are second to none. I love how well you write and make what seems complex really easy to understand. I've just bookmarked this…
  • Alan Bombria on Forcefully Clear Jobs from the Print Queue or SpoolerMy batch file: net stop spooler del /F /Q %systemroot%System32spoolPRINTERS* net start spooler
  • Henry Mencken on Pros And Cons Of PayPal Payment Processing"One of the major concerns people have about using PayPal is that they don't have rights to their money while it is in their PayPal account." That one…
  • Osobase on Content Marketing In The Age Of Responsive Web DesignBeing in the business of web design and development, it's been interesting to see how businesses have adapted to this change. At first, it was near to…
  • Chinoms on No More Like-Gating with Facebook Popups on Your SiteI've been waiting for Facebook to do this. Glad they finally did it.
  • mwendwakilundo on Reverse Email Search: Find The Person Behind That Email!Pardon my ignorance if any,, most of the lookup sites are just USA based. Are there any that are world wide save Facebook and Google
  • Blog
  • Shop
  • Forums
  • Subscribe
  • About
  • Contact

© 2019   ·   Ehi Kioya   ·   All Rights Reserved
Privacy Policy