I’m trying to get a ssh connection to a project I took over from a client. I created a new key using AWS cli: aws ec2 create-key-pair --key-name NewKeyName --query 'KeyMaterial' --output text > NewKeyName.pem
I changed the permission to 004. I see the key under "Key Pairs" in the AWS console webpage. I created a IAM user and granted it all permissions.
ssh -i ~/.ssh/NewKeyName.pem [email protected]
Permission denied (publickey)
.. I also tried with the regular public ip address.. I tried connecting with "EC2 Instance Connect" under "Instances > Connect to instance" and getting error: Failed to connect to your instance Error establishing SSH connection to your instance. Try again later.
I tried connecting with "EC2 serial console" from "Instances > Connect to instance" and getting same error. I have no idea what else to try now… nothing seems to work.. I also tried creating my own private/public keys and uploading but same result.
I can see the key that was used to create the instance, but that user is gone, but we are supposed to be able to connect with a new ssh key right?
What more is there to try?
2
Answers
Want i did to fix this realizing that we do actually need to replace/add the ssh key in .ssh/authorized_keys before we are able to connect.
What I did was:
Changing an EC2 instance’s SSH key isn’t possible without accessing the instance, either using the previous key or with a username/password previously set up directly on the instance.
IAM doesn’t handle low-level user management within an instance.
If you can’t recover the previous SSH key, the only way to access the data on that machine is to attach its volume to a newly created instance, which has a known SSH key associated with it.