Not able to login to EC2 instance after making changes to default ec2-user

amazon ec2amazon-ami

I have been using key pairs to log in to my EC2 instance without any problems until I made some changes to the ec2-user.

I changed the group of the ec2-user (usermod) and changed the default file permission (umask), to give write permissions to the group.

I am not able to log in since this change. I get a "Server refused our key" error for the ec2-user.

The key has not been modified in any way. after changing the ec2-user permissions we are not able to login that is sure .

Has anyone faced similar issues? Are we not expected to change properties/permissions of the default ec2-user? How does one recover from this situation?

Thanks!

Best Answer

Loosing access to an Amazon EC2 instance is a common encounter - how to approach this situation when you don't know the reason yet is addressed in Eric Hammond's excellent summary Solving: "I can't connect to my server on Amazon EC2".

However, since you already now that the problem is permission related, you can apply his respective instructions Fixing Files on the Root EBS Volume of an EC2 Instance right away, see my answer to the related question Fixing Amazon EC2 Permissions for a short summary of this approach.

Good luck!

Related Solutions

Ec2 instance is unable to connect after restart

When you create an instance there is an option to select one of your existing key pairs or create a new one. You, simply, have not selected the same key-pair for the small instance as applied to the micro.

Look at the two instances in the AWS dashboard, under the description tab you'll find the "Key Pair Name" field.

Unfortunately, you cannot change the the key pair of a running instance. You need to recreate the small instance and double check the key pair you use.

Otherwise, check what the new key pair and to obtain the public key, log into your account, go to Security Credentials and click on the Key Pairs tab.

If you don't have a copy of the private key, that cannot be recovered.

Amazon EC2 – Unable to SSH After Changing Permissions to Home Directory

SSH parameter -i expects that the next parameter is the key name.

In your case -iv tells ssh to read the key from file v - not quite what you wanted :) The flow-on effect is that the next parameter (the key name) is deemed to be the host name, which it obviously can't resolve.

This will work:

ssh -v -i ~/Amazon-Permission/FooDev.pem ec2-user@ec2-...

Update after your update :)

If you did recursive chmod 700 it changed the authorized_keys mode too. Mount the volume back to your little "helper" instance and do:

chmod 600 home/ec2-user/.ssh/authorized_keys

Update 2

Your home/ must be mode 755 and not 700. Otherwise ssh can't check open the file as ec2-user.

chmod 755 home
chmod 700 home/ec2-user home/ec2-user/.ssh
chmod 600 home/ec2-user/.ssh/authorized_keys

Hope that helps :)