So last week, an instance on EC2 stopped responding, I still don't know exactly why because I can no longer SSH in, I suspect the /tmp/ directory which was mounted to another drive is no longer accessible for some unknown reason.
I have some very important files I need to get off this server…
I am still able to pull the logs in the AWS console, here are some very relevant lines (I am still able to reboot the server):
Welcome to CentOS release 5.4 (Final)
Press 'I' to enter interactive startup.
Cannot access the Hardware Clock via any known method.
Use the --debug option to see the details of our search for an access method.
Setting clock : Thu Dec 29 13:52:43 EST 2011 [ OK ]
Starting udev: [ OK ]
Setting hostname localhost.localdomain: [ OK ]
No devices found
Setting up Logical Volume Management: File descriptor 7 (/sys/kernel/hotplug) leaked on lvm.static invocation. Parent PID 232: /bin/bash
[ OK ]
Checking filesystems
Checking all file systems.
[/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 202786/1310720 files, 1428718/2621440 blocks
[ OK ]
Remounting root filesystem in read-write mode: [ OK ]
Mounting local filesystems: [ OK ]
Enabling local filesystem quotas: [ OK ]
chown: cannot access `/tmp/.ICE-unix': No such file or directory
Enabling /etc/fstab swaps: [ OK ]
INIT: Entering runlevel: 4
Entering non-interactive startup
Starting background readahead: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...mktemp: cannot create temp file /tmp/wnt890: No such file or directory
/sbin/dhclient-script: line 57: $rscf: ambiguous redirect
/sbin/dhclient-script: line 62: $rscf: ambiguous redirect
/sbin/dhclient-script: line 69: $rscf: ambiguous redirect
done.
[ OK ]
Starting getsshkey: /etc/rc4.d/S11getsshkey: line 12: /tmp/my-key: No such file or directory
getting ssh-key...
/etc/rc4.d/S11getsshkey: line 17: /tmp/my-key: No such file or directory
getting ssh-key...
I'm certain its not a firewall issue. Here is the output of nmap
[root@ip-xxxxxxxxx ~]# nmap -sS -P0 xxxxxxxxxxx
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-12-29 16:32 EST
Interesting ports on xxxxxx (xxxxxxxxx):
Not shown: 1675 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
25/tcp closed smtp
80/tcp closed http
443/tcp closed https
8000/tcp closed http-alt
Best Answer
I don't think asking anyone on here to help you "hack into a server" is particularly conducive to answers.
Ta Dah! You've just recovered the data, no hacking involved.
Some tools here might help.