Ssh – root locked out of EC2

amazon ec2ssh

I was in the process of disabling root logins on an AWS EC2 instance. Right after setting PermitRootLogin no and restarting sshd, I closed the terminal on accident — before setting up users with sudo privileges. The result is that my key to get into the instance as root does not work (sshd forbids it) and when I log into the instance using my regular user I can't gain root privileges (the root password was never set). The instance is running ubuntu 8.10. Anyone have any idea how can I fix this?

Best Answer

No, don't terminate the instance, all is not lost!!

boot another instance and shut down the bad instance.
detach the EBS volume from the bad instance and attach it to the new instance.
Mount it in the new instance (i.e., something like sudo mount /dev/xvdf1 /mnt/ )
chroot into it (sudo chroot /mnt) and type passwd.
reset the password or make any other changes you like (vi /etc/ssh/sshd_config, for example!)
Press control-D or type exit to exit the chroot.
umount /mnt
detach the EBS volume from your temporary instance
re-attach or take a snap and create a new AMI based on that snapshot
Boot the fixed box back up!

P.S. next time try Userify to manage your users' keys :)

Related Solutions

EC2 instance: non ec2-user not in sudoer file

You need to edit your sudoers filer and enable your admin user. You should only edit your sudoers file with the visudo command as this checks the syntax etc. Something like

admin    ALL=(ALL) ALL

will do. This allows your admin user to execute any command as on any host as any user after supplying a password.

Check the sudoers and sudo man pages

Ssh – Non-root login on EC2 instance

Check that your public SSH key is installed into the /home/non-root/.ssh/authorized_keys file for the non-root user. The Server refused our key message suggests that it isn't or isn't installed correctly.

If you want to use the same SSH key for both root and your non-root users, it might be as simple as copying the /root/.ssh/authorized_keys file into /home/non-root/.ssh/authorized_keys.

Also the message Disconnected: No supported authentication methods available (server sent: publickey) seems to suggest that this SSH server is only configured to allow authentication with SSH keys. If you want to allow password-based authentication also, add PasswordAuthentication yes to your /etc/ssh/sshd_config file and restart sshd.

As for not being prompted for root password when logging in as root, by default, SSH server is configured to prefer SSH key authentication over passwords, so if that succeeds, you aren't asked for the password.

ArchLinux wiki has more info on using SSH keys that might be of use too.

Best Answer

Related Solutions

EC2 instance: non ec2-user not in sudoer file

Ssh – Non-root login on EC2 instance

Related Topic