One of the most desperate situations in IT is losing a server password or, in the case of Amazon’s Cloud, losing the cryptographic key that gives access to Linux. Without it, obviously, you will no longer be able to connect to the system, change the settings or recover the data.
But all is not lost. There are ways to regain access to these servers in the Amazon cloud.
We list two of them. Keep in mind that it is always best to test first on another server (you can quickly create a new one for this purpose) and never to work directly on the production server.
1. Change the access key by manipulating the root disk:
- We won’t go into too much detail, as there is extensive documentation. There are several websites with instructions on how to do it. For example, see the item with 12 steps: http://stackoverflow.com/questions/7881469/change-key-pair-for-ec2-instance/
- after this change, the key shown by Amazon will be out of sync with the key actually installed on the server.
2. Through backup and restore:
- create a new access key;
- stop the server that lost the key;
- create a backup/image of this server;
- check all configurations: Elastic IP, security groups, VPC internal IP, etc.;
- create a new server from this backup, selecting the new key and mapped settings;
- check the configurations of other servers that depend on this server (databases, networks, etc.). If it’s a standard EC2 server, the internal IP will probably change;
- if everything is OK, after a few days you can destroy the server that no longer has the key.
Note: the server must have the ‘cloud-init’ script enabled at startup, because it is with this script that Amazon installs the new key when the new server is created. If it was disabled at some point, or an image that does not include it was used, you must perform procedure 1 instead.
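Procedure 2 written out as AWS CLI calls, as an added example that is not part of the original post. The function names and the `rekey-` image name prefix are assumptions, and the script leaves the old server in place so it can be checked and destroyed later by hand.

```shell
#!/bin/sh
# Added example, not from the original post: procedure 2 with the AWS CLI.
# Assumes a configured AWS CLI; the instance id and key name are yours.

# Steps 1-3: create the new key, stop the instance, image it. Prints the AMI id.
make_key_and_image() {
    ( umask 077   # private key file readable by its owner only
      aws ec2 create-key-pair --key-name "$2" \
          --query KeyMaterial --output text > "$2.pem" ) &&
    aws ec2 stop-instances --instance-ids "$1" > /dev/null &&
    aws ec2 wait instance-stopped --instance-ids "$1" &&
    ami=$(aws ec2 create-image --instance-id "$1" --name "rekey-$1" \
          --query ImageId --output text) &&
    aws ec2 wait image-available --image-ids "$ami" &&
    echo "$ami"
}

# Step 4: settings to map: type, subnet, private IP, security groups.
read_settings() {
    aws ec2 describe-instances --instance-ids "$1" --output text --query \
"Reservations[0].Instances[0].[InstanceType,SubnetId,PrivateIpAddress,join(',',SecurityGroups[].GroupId)]"
}

# Step 5: launch the copy with the new key. Prints the new instance id.
launch_copy() {   # args: ami key-name type subnet comma-separated-groups
    aws ec2 run-instances --image-id "$1" --key-name "$2" \
        --instance-type "$3" --subnet-id "$4" \
        --security-group-ids $(echo "$5" | tr ',' ' ') \
        --query 'Instances[0].InstanceId' --output text
}

# The last two steps stay manual: move the Elastic IP, fix servers that used
# the old private IP, and keep the old instance until the copy is verified.
rekey_by_restore() {   # args: instance-id new-key-name
    read -r itype subnet old_ip sgs <<EOF
$(read_settings "$1")
EOF
    [ -n "$sgs" ] || { echo "could not read settings of $1" >&2; return 1; }
    ami=$(make_key_and_image "$1" "$2") &&
    new_id=$(launch_copy "$ami" "$2" "$itype" "$subnet" "$sgs") &&
    echo "new=$new_id ami=$ami old_private_ip=$old_ip"
}

if [ "$#" -eq 2 ]; then rekey_by_restore "$1" "$2"; fi
```

The printed `old_private_ip` is the address to search for in the configuration of dependent servers, since the copy receives a new one.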
How can Cloud8 help you in this situation?
First, we recommend using our backup manager to organize backups/restores and take advantage of recommendations on how to restore original settings.
Second, you can create the access key through Cloud8 and store it in the dashboard. You can choose to set a second security password so as not to expose your certificate. The risk of losing it, or of it being accessed improperly, will decrease considerably! And when you access the server, you will only be asked for this second password.
Easy and practical, right?