Change the key pair for an ec2 instance

Posted on 2024-12-11 23:40:52, 74 words, 0 views, 0 comments

How do I change the key pair for my ec2 instance in AWS management console? I can stop the instance, I can create new key pair, but I don't see any link to modify the instance's key pair.

Comments (23)

泪是无色的血 2024-12-18 23:40:52

This answer is useful in the case you no longer have SSH access to the existing server (i.e. you lost your private key).

If you still have SSH access, please use one of the answers below.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair

Here is what I did, thanks to Eric Hammond's blog post:

  1. Stop the running EC2 instance
  2. Detach its /dev/xvda1 volume (let's call it volume A) - see here
  3. Start new t1.micro EC2 instance, using my new key pair. Make sure you create it in the same subnet, otherwise you will have to terminate the instance and create it again. - see here
  4. Attach volume A to the new micro instance, as /dev/xvdf (or /dev/sdf)
  5. SSH to the new micro instance and mount volume A to /mnt/tmp
     $ sudo mkdir /mnt/tmp; sudo mount /dev/xvdf1 /mnt/tmp
  6. Copy ~/.ssh/authorized_keys to /mnt/tmp/home/ubuntu/.ssh/authorized_keys
  7. Logout
  8. Terminate micro instance
  9. Detach volume A from it
  10. Attach volume A back to the main instance as /dev/xvda
  11. Start the main instance
  12. Login as before, using your new .pem file

That's it.

零度℉ 2024-12-18 23:40:52

Once an instance has been started, there is no way to change the keypair associated with the instance at a meta data level, but you can change what ssh key you use to connect to the instance.

There is a startup process on most AMIs that downloads the public ssh key and installs it in a .ssh/authorized_keys file so that you can ssh in as that user using the corresponding private ssh key.

If you want to change what ssh key you use to access an instance, you will want to edit the authorized_keys file on the instance itself and convert to your new ssh public key.

The authorized_keys file is under the .ssh subdirectory under the home directory of the user you are logging in as. Depending on the AMI you are running, it might be in one of:

/home/ec2-user/.ssh/authorized_keys
/home/ubuntu/.ssh/authorized_keys
/root/.ssh/authorized_keys

After editing an authorized_keys file, always use a different terminal to confirm that you are able to ssh in to the instance before you disconnect from the session you are using to edit the file. You don't want to make a mistake and lock yourself out of the instance entirely.

While you're thinking about ssh keypairs on EC2, I recommend uploading your own personal ssh public key to EC2 instead of having Amazon generate the keypair for you.

Here's an article I wrote about this:

Uploading Personal ssh Keys to Amazon EC2
http://alestic.com/2010/10/ec2-ssh-keys

This would only apply to new instances you run.

哽咽笑 2024-12-18 23:40:52

Run this command after you download your AWS pem.

ssh-keygen -f YOURKEY.pem -y

Then dump the output into authorized_keys.

Or copy pem file to your AWS instance and execute following commands

chmod 600 YOURKEY.pem

and then

ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys
油焖大侠 2024-12-18 23:40:52

Instruction from AWS EC2 support:

  1. Change pem login
  2. go to your EC2 Console
  3. Under NETWORK & SECURITY, click on Key Pair Click on Create Key Pair
  4. Give your new key pair a name, save the .pem file. The name of the
    key pair will be used to connect to your instance
  5. Create SSH connection to your instance and keep it open
  6. in PuttyGen, click "Load" to load your .pem file
  7. Keep the SSH-2 RSA radio button checked. Click on "Save private key"
    You'll get pop-up window warning, click "Yes"
  8. click on "Save public key" as well, so to generate the public key.
    This is the public key that we're going to copy across to your
    current instance
  9. Save the public key with the new key pair name and with the
    extension .pub
  10. Open the public key content in a notepad
  11. copy the content below "Comment: "imported-openssh-key"" and before
    "---- END SSH2 PUBLIC KEY ----"
    Note - you need to copy the content
    as one line - delete all new lines
  12. on your connected instance, open your authorized_keys file using
    the tool vi. Run the following command: vi .ssh/authorized_keys
    you should see the original public key in the file also
  13. move your cursor on the file to the end of your first public key
    content :type "i" for insert
  14. on the new line, type "ssh-rsa" and add a space before you paste
    the content of the public key , space, and the name of the .pem
    file (without the .pem)
    Note - you should get a line with the same format as the previous line
  15. press the Esc key, and then type :wq!

this will save the updated authorized_keys file

now try open a new SSH session to your instance using your new key pair

When you've confirmed you're able to SSH into the instance using the new key pair, you can vi .ssh/authorized_keys and delete the old key.

Answer to Shaggie remark:

If you are unable to connect to the instance (e.g. key is corrupted) then use the AWS console to detach the volume (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) and reattach it to working instance, then change the key on the volume and reattach it back to the previous instance.

み零 2024-12-18 23:40:52

I noticed that when managed by Elastic Beanstalk, you can change your active EC2 key pair. Under Elastic Beanstalk > Configuration > Security, choose the new key from the EC2 key pair drop-down. You'll see this message asking if you're sure:

EC2KeyName: Changes to option EC2KeyName settings will not take effect
immediately. Each of your existing EC2 instances will be replaced and
your new settings will take effect then.

My instance was already terminated when I did this. It then started, terminated, and started again. Apparently "replacing" means terminating and creating a new instance. If you've modified your boot volume, create an AMI first, then specify that AMI in the same Elastic Beanstalk > Configuration > Instances form as the Custom AMI ID. This also warns about replacing the EC2 instances.

After you've modified your EC2 key pair and Custom AMI ID, and after seeing warnings about both, click Save to continue.

Remember that the IP address changes when the instance is re-created so you'll need to retrieve a new IP address from the EC2 console to use when connecting via SSH.

も星光 2024-12-18 23:40:52

I went through this approach, and after some time, was able to make it work. The lack of actual commands made it tough, but I figured it out. HOWEVER - much easier approach was found and tested shortly after:

  1. Save your instance as an AMI (reboot or not, I suggest reboot). This will only work if EBS backed.
  2. Then, simply start an instance from this AMI and assign your new Keyfile.
  3. Move over your elastic IP (if applicable) to your new instance, and you are done.
复古式 2024-12-18 23:40:52

Steps:

  1. Create new key e.g. using AWS console, the PuTTY Key Generator, or ssh-keygen
  2. Stop instance
  3. Set instance user data to push public key to server
  4. Start instance

#cloud-config
cloud_final_modules:
- [once]
bootcmd:
 - echo 'ssh-rsa AAAAB3Nz...' > /home/USERNAME/.ssh/authorized_keys

Where USERNAME is the expected username for the machine. A list of default usernames is available from AWS.

Step-by-step instructions from AWS

毅然前行 2024-12-18 23:40:52

There are two scenarios asked in this question:-

1)You don't have access to the .pem file that's why you want to create a new one.

2)You have the .pem file access with you but you just want to change or create a new .pem file for some vulnerability or security purposes.

So if you lost your keys you can scroll up and see other answers. But if you just simply change your .pem file for security purposes follow the steps:-

1)Go to AWS console login and create a new .pem file from the key-pair
section over there. It will automatically download the .pem file onto
your pc

2)change permission to 400 if you are using Linux/ubuntu hit the below
command

chmod 400 yournewfile.pem

3)Generate RSA of the newly-downloaded file in your local machine

ssh-keygen -f yournewfile.pem -y

4)Copy the RSA code from here

5)Now SSH to your instance via previous .pem file

ssh -i oldpemfileName.pem username@ipaddress

sudo vim  ~/.ssh/authorized_keys

6)Give one-two lines space and paste the copied RSA of new file here
and then save the file

7)Now your new .pem file is linked with the running instance

8)If you want to disable the previous .pem file access then just edit
the

sudo vim ~/.ssh/authorized_keys

file and remove or change the previous RSA from here.

Note:- Remove carefully so that the newly created RSA does not get changed.

In this way, you can change/connect the new .pem file with your running instance.

You can revoke access to previously generated .pem file due to security purposes.

Hope it would help!
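
The add, verify, then remove rotation from the answer above, written as an added shell example (not part of the original answer). The function names key_id, has_key, add_key and remove_key are hypothetical; keys are matched by type and base64 blob, so options and comments are ignored, and remove_key refuses to drop the old key unless the key you intend to keep is already in the file.

```sh
#!/bin/sh
# Added example: rotate a key in an authorized_keys file without a text editor.
# All function names here are hypothetical helpers, not part of OpenSSH or AWS.

# key_id LINE: print "<type> <base64>" for a public-key line, skipping any
# leading options field and the trailing comment. Prints nothing for blank
# lines, comment lines, or lines with no recognised key type.
key_id() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^#/ { exit }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) {
                    print $i, $(i + 1)
                    exit
                }
        }'
}

# has_key FILE ID: succeed if FILE already holds a key whose key_id equals ID.
has_key() {
    while IFS= read -r hk_line || [ -n "$hk_line" ]; do
        [ "$(key_id "$hk_line")" = "$2" ] && return 0
    done < "$1"
    return 1
}

# add_key FILE PUBLIC_KEY_LINE: append the key once (safe to re-run).
add_key() {
    ak_file=$1
    ak_id=$(key_id "$2")
    if [ -z "$ak_id" ]; then
        echo "add_key: not a public key line" >&2
        return 2
    fi
    touch "$ak_file"
    chmod 600 "$ak_file"
    if has_key "$ak_file" "$ak_id"; then
        return 0
    fi
    # A file without a final newline would glue the new key onto the last
    # existing key and invalidate both, so terminate the last line first.
    if [ -s "$ak_file" ] && [ -n "$(tail -c 1 "$ak_file")" ]; then
        printf '\n' >> "$ak_file"
    fi
    printf '%s\n' "$2" >> "$ak_file"
}

# remove_key FILE OLD_KEY_LINE KEEP_KEY_LINE: delete every line carrying the
# old key, but only when the key to keep is already present (lockout guard).
# Returns 2 for unparsable input, 3 when the guard refuses.
remove_key() {
    rk_file=$1
    rk_old=$(key_id "$2")
    rk_keep=$(key_id "$3")
    [ -n "$rk_old" ] && [ -n "$rk_keep" ] || return 2
    [ "$rk_old" != "$rk_keep" ] || return 3
    has_key "$rk_file" "$rk_keep" || return 3
    # Write the filtered copy next to the original, then rename over it so
    # sshd never reads a half-written file.
    rk_tmp=$(mktemp "$rk_file.XXXXXX") || return 1
    while IFS= read -r rk_line || [ -n "$rk_line" ]; do
        [ "$(key_id "$rk_line")" = "$rk_old" ] || printf '%s\n' "$rk_line"
    done < "$rk_file" > "$rk_tmp"
    chmod 600 "$rk_tmp" && mv "$rk_tmp" "$rk_file"
}
```

Run it as the account that owns the file, and confirm a login with the new key from a second terminal before calling remove_key.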

江心雾 2024-12-18 23:40:52

I believe the simplest approach is to:

  1. Create AMI image of existing instance.
  2. Launch new EC2 instance using AMI image (created by step 1) with new key pair.
  3. Login to new EC2 instance with new key.
陈年往事 2024-12-18 23:40:52

If below steps are followed it will save lot of time and there will be no need to stop the running instance.

  1. Start new t1.micro EC2 instance, using new key pair. Make sure you create it in the same subnet, otherwise you will have to terminate the instance and create it again.
  2. SSH to the new micro instance and copy content of ~/.ssh/authorized_keys somewhere on your computer.
  3. Login to main instance with old ssh key.
  4. Copy & replace the file content from point 2 to ~/.ssh/authorized_keys
  5. Now you can login again only with new key. Old key will not work anymore.

That is it. Enjoy :)

メ斷腸人バ 2024-12-18 23:40:52

In case you are using ElasticBeanstalk platform, you can change the keys by going:

  • Elastic Beanstalk panel
  • Configuration
  • Instances (cog top-right)
  • EC2 key pair

This will terminate current instance and creates new one with chosen keys/settings.

带刺的爱情 2024-12-18 23:40:52

The simplest solution is to copy the contents of

~/.ssh/id_rsa.pub

into your AWS instance's authorized_keys at

~/.ssh/authorized_keys

This will allow you to ssh into the EC2 instance without specifying a pem file for the ssh command. You can remove all other keys once you've tested connecting to it.

If you need to create a new key to share it with someone else, you can do that with:

ssh-keygen -t rsa

which will create the private key.pem file, and you can get the public key of that with:

ssh-keygen -f private_key.pem -y > public_key.pub

Anyone who has private_key.pem will be able to connect with

ssh [email protected] -i private_key.pem
千里故人稀 2024-12-18 23:40:52

You don't need to rotate root device and change the SSH Public Key in authorized_keys. For that you can utilize userdata to add your ssh keys to any instance. For that first you need to create a new KeyPair using AWS console or through ssh-keygen.

ssh-keygen -f YOURKEY.pem -y

This will generate public key for your new SSH KeyPair, copy this public key and use it in below script.

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash
/bin/echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6xigPPA/BAjDPJFflqNuJt5QY5IBeBwkVoow/uBJ8Rorke/GT4KMHJ3Ap2HjsvjYrkQaKANFDfqrizCmb5PfAovUjojvU1M8jYcjkwPG6hIcAXrD5yXdNcZkE7hGK4qf2BRY57E3s25Ay3zKjvdMaTplbJ4yfM0UAccmhKw/SmH0osFhkvQp/wVDzo0PyLErnuLQ5UoMAIYI6TUpOjmTOX9OI/k/zUHOKjHNJ1cFBdpnLTLdsUbvIJbmJ6oxjSrOSTuc5mk7M8HHOJQ9JITGb5LvJgJ9Bcd8gayTXo58BukbkwAX7WsqCmac4OXMNoMOpZ1Cj6BVOOjhluOgYZbLr" >> /home/hardeep/.ssh/authorized_keys
--//--

After the restart the machine will have the specified SSH public key.
Remove the userdata after first restart. Read more about userdata on startup.

节枝 2024-12-18 23:40:52

I have tried below steps and it worked without stopping the instance. My requirement was - as I have changed my client machine, the old .pem file was not allowing me to log in to the ec2 instance.

  1. Log in to the ec2 instance using your old .pem file from the old machine. Open ~/.ssh/authorized_keys
    You will see your old keys in that file.

  2. ssh-keygen -f YOUR_PEM_FILE.pem -y
    It will generate a key. Append the key to ~/.ssh/authorized_keys opened in step#1. No need to delete the old key.

  3. From AWS console, create a new key pair. Store it in your new machine. Rename it to the old pem file - reason is old pem file is still associated with the ec2 instance in AWS.

All done.

I am able to log in to the AWS ec2 from my new client machine.

玩心态 2024-12-18 23:40:52

You have several options to replace the key of your EC2 instance.

  1. You can replace the key manually in the .ssh/authorized_keys file. However this requires you to have actual access to the instance or the volume if this is unencrypted.
  2. You can use the AWS Systems Manager. This requires you to have an agent installed.

Since the first option can be found easily in the answers or at the search engine of your choice, I want to focus on the Systems Manager.

  1. Open the Service Systems Manager
  2. Click on Automation on the left side.
  3. Click on Execute Automation
  4. Select AWSSupport-TroubleshootSSH (usually it is on the last page)

You can find more information on the Official AWS Documentation

○愚か者の日 2024-12-18 23:40:52

Thanks for the tips guys. Will definitely keep them in mind when I need to reset the key pairs.
However, in the interest of efficiency and laziness I've come up with something else:

  1. Create your new key pair and download the credentials
  2. Right-click your instance > Create AMI
  3. Once it is done, terminate your instance (or just stop it until you are sure you can create another one from your new shiny AMI)
  4. Start a new EC2 instance from the AMI you just created and specify your new key pair created in step (1) above.

Hope this can be of use to you and save you some time as well as minimize the amount of white hair you get from stuff like this :)

怎樣才叫好 2024-12-18 23:40:52

What you can do...

  1. Create a new Instance Profile / Role that has the AmazonEC2RoleForSSM policy attached.

  2. Attach this Instance Profile to the instance.

  3. Use SSM Session Manager to login to the instance.
  4. Use keygen on your local machine to create a key pair.
  5. Push the public part of that key onto the instance using your SSM session.
  6. Profit.
↙温凉少女 2024-12-18 23:40:52

This is for those who have two different pem files and for any security purpose want to discard one of the two. Let's say we want to discard 1.pem

  1. Connect with server 2 and copy ssh key from ~/.ssh/authorized_keys
  2. Connect with server 1 in another terminal and paste the key in ~/.ssh/authorized_keys. You will have now two public ssh key here
  3. Now, just for your confidence, try to connect with server 1 with 2.pem. You will be able to connect server 1 with both 1.pem and 2.pem
  4. Now, comment the 1.pem ssh and connect using ssh -i 2.pem user@server1
不语却知心 2024-12-18 23:40:52

If anybody is here because they can't access an EC2 instance because they don't have the keypair, but they do have IAM access, you can run the following command to allow temporary access (60 seconds) to your EC2 instance using a key you already have, as long as you know the username (which is usually 'ubuntu' for ubuntu instances or 'ec2-user' for amazon linux instances):

aws ec2-instance-connect send-ssh-public-key --region ${your-aws-region} --instance-id ${your-instance-id} --availability-zone ${your-instance-az} --instance-os-user ${username} --ssh-public-key file://path/to/public/key 

(If you have multiple credentials profiles in your ~/.aws/credentials file you can specify by also adding the flag '--profile your-profile' to this command)

The output will look something like this if successful:

{
"RequestId": "3537268d-c161-41bb-a4ac-977b79b2bdc0",
"Success": true
}

Then you have 60 seconds to ssh in using that key.

时光与爱终年不遇 2024-12-18 23:40:52

Yegor256's answer worked for me, but I thought I would just add some comments to help out those who are not so good at mounting drives(like me!):

Amazon gives you a choice of what you want to name the volume when you attach it. You have to use a name in the range from /dev/sda - /dev/sdp
The newer versions of Ubuntu will then rename what you put in there to /dev/xvd(x) or something to that effect.

So for me, I chose /dev/sdp as the mount name in AWS, then I logged into the server, and discovered that Ubuntu had renamed my volume to /dev/xvdp1. I then had to mount the drive - for me I had to do it like this:

mount -t ext4 xvdp1 /mnt/tmp

After jumping through all those hoops I could access my files at /mnt/tmp

合久必婚 2024-12-18 23:40:52

This will work only if you have access to the instance you want to change/add the key in.
You can create a new key pair. Or if you already have the key pair, then you can paste the public key of the new pair in the authorized_keys file on your instance.

vim .ssh/authorized_keys

Now you can use the private key for that pair and log in.

Hope this helps.

濫情▎り 2024-12-18 23:40:52

If you are unable to log in to the VM and deleted your ssh keys, you can also change the key pair of your ec2 using the steps below.
Go step by step
1) Stop your ec2 instance.
2) Take a snapshot of VM and storage.
3) Create a new VM; while creating it select your snapshot and create the VM from your snapshot.
4) While creating the VM, download your key pair.
5) Once your VM is up you can ssh with a new key pair and your data will also be back.

巷雨优美回忆 2024-12-18 23:40:52

Alternate solution. If you have the only access on server. In that case don't remove pem file from AWS console. Just remove pem access key from sudo nano ~/.ssh/authorized_keys and add your system public ssh key. Now you have the access ssh [email protected]
