Recover AWS EC2 SSH key lost or corrupted


Maybe you have been there before with an AWS EC2 instance and your SSH key no longer works. You may wonder, how is this possible? How am I going to regain access to the instance? Don’t panic, there is actually a pretty simple workaround if you have access to the AWS console and the region where the EC2 instance is housed. Let’s walk through a quick process to recover AWS EC2 SSH key lost or corrupted where access to the low-level shell environment is lost with the key.

AWS keypairs are essential for access to AWS EC2 instances

Most have worked with AWS and have spun up an EC2 instance in one region or another. One of the first tasks that you will see as part of provisioning a new EC2 instance is to assign a key pair to the instance. Before finalizing the instance creation, you will see the dialog box pop up asking you to Select an existing key pair or create a new key pair. If you have an existing key pair you can re-use one you have currently, or you can choose to create a new key pair.

Select an existing key pair or create a new key pair
Select an existing key pair or create a new key pair

You can also create the key pair ahead of time by navigating to EC2 > Key pairs. You can select to Create key pair.

Creating a new key pair in Amazon AWS
Creating a new key pair in Amazon AWS

Either creating the keypair ahead of time or creating/selecting a key pair on the fly is an important step that you want to pay attention to. After you generate a new keypair using either method or if you choose an existing key pair, you need to have the corresponding private key saved in a safe location. When you create a new keypair, your browser will download the private key file in the format you choose for use with the SSH command (.pem) or Putty (.ppk).

Recover AWS EC2 SSH key lost or corrupted

What if you get the dreaded message below? You verified the key is what you think it is, and it is still not working.

Key pair private key not working connecting to an Amazon AWS EC2 instance
Key pair private key not working connecting to an Amazon AWS EC2 instance

What steps can we take to get around this issue?

Create an AMI image

There is a quick way to get around this issue. Using the AWS console, we can create an Amazon AMI image of the EC2 instance. With this, you are creating an “image” you can deploy, just like the images in the Amazon catalog when you initially deploy an EC2 instance.

The image you are creating is an exact copy of the server you are imaging, including the programs and settings that are applied when you launch an EC2 instance. You can create an image from the configuration of an existing instance. The crucial characteristic here that is important is that when you deploy a new EC2 instance using the image, you can select a new key pair.

The image can be created on your server while it is up and running. Navigate to Actions > Image and templates > Create image.

Creating an Amazon AMI image
Creating an Amazon AMI image

On the Create image page, you name the new AMI image and assign a description, tags, etc. Once you have assigned everything for the image, click the Create image button.
Name the new AMI image add description and tags
Name the new AMI image add description and tags

This process won’t take long. I have an EC2 with a 200 GB drive, etc and it only took a few seconds to create.

AMI image is successfully created
AMI image is successfully created

Now that we have a new AMI image, we can select the AMI image and choose Launch instance from image.
Launching an instance from the AMI machine image
Launching an instance from the AMI machine image

The crucial step for what we are trying to accomplish is that we get to Select an existing key pair or create a new key pair. This allows you to spin up an exact image using the AMI image and choose a new or select an existing key pair, which allows restoring access to the EC2 instance.

After creating an AMI image you can select a new or existing key pair
After creating an AMI image you can select a new or existing key pair

As you can see below, after deploying the AMI image as a new EC2 instance, now I once again have access using a new SSH key that was created.
SSH access is restored to AWS EC2
SSH access is restored to AWS EC2

AWS EC2 key pair FAQs

  • What is an AWS EC2 key pair? – The key pair is made up of a public and private key. You have possession of the private key and AWS has possession of the public key.
  • Which par of an EC2 key pair do you have? You have the private key, either in the .pem format or .ppk format
  • What is an Amazon AMI image? – It is an exact copy of the configuration and settings of an EC2 instance. You can create an AMI image from an existing EC2 instance.
  • How can you recover AWS EC2 SSH key that is lost or corrupted? You can use the process detailed in the post by create an AMI image of the server that you can’t access and then deploy the AMI image giving you the opportunity to create a new SSH key or use an existing one.

Final Notes

Hopefully, this walkthrough will help any who might be in the position of losing their AWS EC2 key pair private key or have one that is incorrect, corrupted, or otherwise unusable. The key pairs are essential to have access at a low level to the Linux operating system via SSH.

Post a Comment

0 Comments