Reputation: 2788
How can I recover SSH access to a amazon EC2 instance after UFW firewall activation by accident?
I have activated UFW firewall in an EC2 ubuntu server 12.04 instance, but I forgot to allow access to port 22. Now I can't connect to the instance via SSH. This instance is EBS backed.
How can I recover SSH access to a amazon EC2 instance after UFW firewall activation by accident?
Upvotes: 20
Views: 7994
Answers (4)
Reputation: 73
my EC2 instance is inaccessible and in /etc/ufw/ufw.conf enabled is already set to no as enabled=no
I have tried the user data script as well but still no success.
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
ufw disable
iptables -L
iptables -F
--//
Upvotes: 0
Reputation: 194
Another way, super easy: Easiest way is to update the instance's user data
Stop your instance
Right click (windows) or ctrl + click (Mac) on the instance to open context menu, then go to Instance Settings -> Edit User Data or select the instance and go to Actions -> Instance Settings -> Edit User Data
If you're still on the old AWS console, select the instance, go to Actions -> Instance Settings -> View/Change User Data
And paste this
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
ufw disable
iptables -L
iptables -F
--//
Once added, restart the instance and ssh should work. The userdata disables ufw if enabled and also flushes any iptable rules blocking ssh access
Upvotes: 6
Reputation: 1544
Step 1:
Open view/change user data in instance settings.
Step 2:
Add the script(mentioned below) and save it.
#cloud-config
bootcmd:
- cloud-init-per always fix_broken_ufw_1 sh -xc "/usr/sbin/service ufw stop >> /var/tmp/svc_$INSTANCE_ID 2>&1 || true"
- cloud-init-per always fix_broken_ufw_2 sh -xc "/usr/sbin/ufw disable>> /var/tmp/ufw_$INSTANCE_ID 2>&1 || true"
Step 3: Restart the instance:(machine ip will be changed) Script will executed on boot, ufw will be disabled.
Now we can connect the instance through ssh.
Reference(step by step with screenshot): https://github.com/ibrahim45/configuration/blob/master/boot_script_instance.md
Upvotes: 22
Reputation: 2788
Well, thanks to EBS there is a solution.
- Stop your instance
- Attach your EBS volume to another instance. if you don't have one, create a micro instance.
- Mount yor EBS volume somewhere ie. /opt/recover
- List item
- Edit {your-ebs-mount}/etc/ufw/ufw.conf and change enabled=yes to enabled=no
- Umount the EBS
- Detach from the temp instance
- Reattach to the original instance. (make sure to attach as root)
- Restart the instance
Now you firewall is disbled in your instance, so you can access it via ssh.
Upvotes: 27
Related Questions
- SSH back to AWS Lightsail after UFW enabling
- Locked myself out of SSH with UFW in EC2 AWS
- AWS EC2 forgot password and not able to use SSH
- Lost access to EC2 instance
- What to do if I lose my SSH key for an Amazon EC2 EBS backed instance?
- AWS. Accidently block all connection
- AWS EC2 Instance connection reset by port 22
- How can i connect to ec2 if i close port 22 using ufw?
- how to recover an amazon ec2 instance with a messed up sshd configuration
- Connection timed out for AWS ubuntu cloud instance after ufw disable and enable