How to recover lost private key of an EC2 instance

0 votes

I have lost the private key of my EC2 instance. I looked for it in the AWS Management Console but couldn't find it. Any suggestions?

Sep 25, 2018 in AWS by datageek
• 2,530 points
8,207 views

2 answers to this question.

0 votes

I'm afraid it's not possible.

When you launch an instance, you should specify the name of the key pair you plan to use to connect to the instance. If you don't specify the name of an existing key pair when you launch an instance, you won't be able to connect to the instance. When you connect to the instance, you must specify the private key that corresponds to the key pair you specified when you launched the instance. Amazon EC2 doesn't keep a copy of your private key; therefore, if you lose a private key, there is no way to recover it. If you lose the private key for an instance store-backed instance, you can't access the instance; you should terminate the instance and launch another instance using a new key pair. If you lose the private key for an EBS-backed Linux instance, you can regain access to your instance. For more information, see Connecting to Your Linux Instance if You Lose Your Private Key.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

answered Sep 25, 2018 by Archana
• 4,150 points

How to log on to a Windows EC2 instance when the private key is lost?

Hi.
An instance can only be associated with a key pair at launch time (either with an existing key pair or by creating a new one). That means if you lose the key pair, you won't be able to generate another one for that already-running instance or associate it with an existing key pair. To urgently address your issue, you may try the following:

1. From your AWS console stop the instance.
2. Create a snapshot of the instance.
3. Create a duplicate instance from the resulting snapshot and create a new Key Pair.

Once the instance is up and running, you will be able to log into the new instance using the new key pair. The new instance is identical in every aspect to the original instance and you can carry on your work from there. If you were using an Elastic IP, then disassociate it from the old instance, associate it with the new instance, and make sure to update DNS as well.

0 votes

You can replace the new key using user data or systems manager.

Using User Data:

 1. Create a new key pair from the AWS EC2 Console
 2. Generate the Public Key from the downloaded key pair using below cmd:
    ssh-keygen -y -f <Key Pair name>.pem
 3. Stop the EC2 instance and edit the user data of the instance and pass the below script and start the Instance

        Content-Type: multipart/mixed; boundary="//"
        MIME-Version: 1.0

        --//
        Content-Type: text/cloud-config; charset="us-ascii"
        MIME-Version: 1.0
        Content-Transfer-Encoding: 7bit
        Content-Disposition: attachment; filename="cloud-config.txt"

        #cloud-config
        # run the users-groups module again on this boot, even though it already ran at first launch
        cloud_final_modules:
        - [users-groups, once]
        users:
         - name: ec2-user
           ssh-authorized-keys:
           - <**Paste the Public key here**>
        --//--


    Now you will be able to log in to the EC2 instance with the downloaded key pair.

Using Systems Manager:

 1. If the instance is a managed instance in AWS Systems Manager, you can use the AWSSupport-ResetAccess document to recover the lost key pair.
 2. Open the AWS Systems Manager console, select Automation in the left navigation pane, and click Execute automation. In the Automation document section, select Owned by Amazon. In the runbook list, search for AWSSupport-ResetAccess.
 3. On the Execute automation document page, choose Simple execution. In the Document details section, verify that Document version is set to Default. In the Input parameters section, specify the Instance ID, Subnet ID and Instance type and execute.
 4. When the automation is finished, the new SSH private key is saved, encrypted, in Parameter Store under the parameter name /ec2rl/openssh/<InstanceID>/key.

You can refer to the link below for more detailed steps:

https://cloudsolutionsonline.blogspot.com/2021/11/connect-to-linux-ec2-instance-if-ssh.html?m=1
answered Nov 17 by anonymous
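The user-data route from the answer above, as an added example that is not part of the original post: it derives the public key from the new `.pem` (step 2), refuses anything that is not a single public-key line, and builds the same cloud-config MIME document for the user data. `SAMPLE_PUBKEY`, the function names and the `ec2-user` default are assumptions of this example.

```python
import base64
import re
import subprocess

# Constructed sample of what `ssh-keygen -y -f <name>.pem` prints (not a real key).
SAMPLE_PUBKEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderPlaceholder"
                 "PlaceholderPlaceholder recovered-keypair")

# One OpenSSH public-key line: key type, base64 blob, optional comment.
PUBKEY_RE = re.compile(
    r"^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( \S+)?$")

# Same document as the answer; {user} and {pubkey} are filled in below.
USER_DATA_TEMPLATE = """Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
 - name: {user}
   ssh-authorized-keys:
   - {pubkey}
--//--
"""

def derive_public_key(pem_path: str) -> str:
    """Step 2 of the answer: `ssh-keygen -y -f <pem>` prints the matching public key."""
    out = subprocess.run(["ssh-keygen", "-y", "-f", pem_path],
                         check=True, capture_output=True, text=True).stdout
    return out.strip()

def is_public_key(line: str) -> bool:
    """User data is readable by every process on the instance through the metadata
    service, so only a public-key line may go in; a pasted private key is rejected."""
    return "PRIVATE KEY" not in line and bool(PUBKEY_RE.match(line.strip()))

def build_user_data(pubkey: str, user: str = "ec2-user") -> str:
    """Return the cloud-config user data that re-seeds `pubkey` for `user` on next boot."""
    if not is_public_key(pubkey):
        raise ValueError("expected exactly one OpenSSH public-key line")
    return USER_DATA_TEMPLATE.format(user=user, pubkey=pubkey.strip())

def encode_user_data(user_data: str) -> str:
    """Base64 form of the document, for API or SDK calls that take the attribute as a blob."""
    return base64.b64encode(user_data.encode()).decode()
```

The `name:` must be the AMI's default login user (ec2-user on Amazon Linux, ubuntu on Ubuntu), and once you are back in, clear the user data again so the instance does not re-run the module on every stop/start.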
