Reputation: 354
Without being able to SSH into the instance I can't recall the exact command(s) I entered, but I believe I did the following:
chown root /
Or something to that effect. Now, I can't SSH as ec2-user. The error I receive is:
Permission denied (publickey).
I know this error typically happens when permissions aren't properly set for the .pem file, but I've double-checked that, even though I've been able to SSH without issue prior to this. Therefore I believe it is something on the instance that changed.
Is there a way to login as root? When I try I get:
Please login as the ec2-user user rather than root user.
The solution to that I've seen was to make an edit on the instance itself beforehand, something I obviously can't do right now. Any ideas? Thanks for your time.
PS: I'm well aware this was a dumb mistake. I'm looking for help, not ridicule. :)
UPDATE
I've followed @John Petrone and have mounted a snap of this affected volume on another instance. The only difference I can see at this time is the ownership settings for /home/ec2-user. See differences:
Temporary, non-affected server:
drwx------ 3 ec2-user ec2-user 4096 Jun 6 01:37 ec2-user
Affected server:
drwx------ 3 222 ec2-user 4096 Jun 4 22:57 ec2-user
Could this difference in file owner be what I'm looking for; what is causing the instance to not allow SSH as ec2-user?
Thanks again for everyone's help, I greatly appreciate your time.
Upvotes: 2
Views: 2979
Reputation: 27497
Is your EC2 instance running with an EBS-backed root volume? If so, you can try this. The directions are for what to do when you lose your private key for ssh. You would follow a similar procedure here: mount the volume on another EC2 instance to get access to the files and fix the permissions:
Connecting to Your Instance if You Lose Your Private Key
If you lose the private key for an EBS-backed instance, you can regain access to your instance. You must stop the instance, detach its root volume and attach it to another instance as a data volume, modify the authorized_keys file, move the volume back to the original instance, and restart the instance. This procedure isn't supported for instance store-backed instances or instances whose root volume has an AWS Marketplace product code. For more information about launching, connecting to, and stopping instances, see Instance Lifecycle.
To determine the root device type of your instance, open the Amazon EC2 console, click Instances, select the instance, and check the value of Root device type in the details pane. The value is either ebs or instance store. If the root device is an instance store volume, you must have the private key in order to connect to the instance. You can also check the value of Product codes in the details pane to determine whether you're using an AWS Marketplace product code.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair
Upvotes: 6
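Added example, not part of either post above: OpenSSH's StrictModes check (on by default) refuses public-key login when the home directory, ~/.ssh or authorized_keys is owned by someone other than the user or root, or is writable by group or others. This Python sketch approximates that check against a volume mounted on a rescue instance; the mount point /mnt/rescue and the uid 500 in the sample are assumptions, and the function names are hypothetical.

```python
import os
import stat
import sys

def passwd_entry(mount_root, user):
    """Read uid and home from the mounted volume's own /etc/passwd, because
    `ls -l` on the rescue host resolves names with the rescue host's passwd."""
    with open(os.path.join(mount_root, "etc", "passwd")) as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            if len(fields) >= 7 and fields[0] == user:
                return int(fields[2]), fields[5]
    raise LookupError(f"{user} not in {mount_root}/etc/passwd")

def strictmodes_problems(st_uid, st_mode, uid):
    """Ownership/mode test applied to each path: owner must be the user or
    root, and neither group nor others may have write permission."""
    problems = []
    if st_uid not in (uid, 0):
        problems.append(f"owned by uid {st_uid}, expected {uid} or 0")
    if st_mode & 0o022:
        problems.append(f"group/world writable (mode {stat.S_IMODE(st_mode):o})")
    return problems

def audit_key_path(mount_root, user):
    """Check home, ~/.ssh and ~/.ssh/authorized_keys under mount_root."""
    uid, home = passwd_entry(mount_root, user)
    home = os.path.join(mount_root, home.lstrip("/"))
    findings = []
    for path in (home, os.path.join(home, ".ssh"),
                 os.path.join(home, ".ssh", "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        findings += [(path, p) for p in strictmodes_problems(st.st_uid, st.st_mode, uid)]
    return findings

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. /mnt/rescue ec2-user (mount point is an assumption)
        for path, problem in audit_key_path(sys.argv[1], sys.argv[2]):
            print(f"{path}: {problem}")
    else:
        # Constructed sample: a home directory owned by uid 222 while the
        # account's uid is 500 (500 is an assumed value, not from the page).
        print(strictmodes_problems(222, stat.S_IFDIR | 0o700, 500))
```

An empty result means the three paths pass this ownership and mode test; any finding names the path to fix with chown or chmod on the mounted volume before moving it back.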