Amazon EC2 keypair recovery

I need to know of any way to access a running instance in Amazon EC2.

  • I DON'T have the original keypair ".pem" file
  • I DO have access to the AWS Management Console
  • Terminating/rebooting is not feasible

The closest to my question I have found was this, but I hope things have changed since.

Is there any way to download that pem file or assign a new keypair?


The keypairs can only be downloaded once from Amazon, presumably for security reasons. What you could do is assign one of your Elastic IPs to the instance and route traffic through that normally. Snapshot the instance and bring up a duplicate with a new keypair. Switch the Elastic IP over to the new instance. This is not particularly elegant, but is much less downtime than a full shutdown.

Note: If you assign the Elastic IP to the instance, it will override the current public IP, so you will have to make sure to update DNS as well.


Actually, you can assign a new keypair to the instance ONLY IF you stop the instance, detach the root partition (usually /dev/sda1) and attach it to another instance. After doing that, you will have access to /home/ubuntu/.ssh/authorized_keys. You can generate a new .pem key via command line and paste it in that file. Then, you detach that partition and re-attach it to the original instance. Use the newly generated key to connect to it.

You can learn more about these steps in Google, or here: http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html
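The on-disk step of the volume-swap procedure above, as an added example that is not part of the original answers: once the root volume is mounted on the second instance, the public half of the new key pair is appended to authorized_keys with the ownership and modes sshd expects. The function name `install_pubkey`, the device `/dev/xvdf1` and the mount point `/mnt/rescue` are assumptions.

```shell
#!/bin/sh
# Added example. Usage on the rescue instance, as root (device and paths are assumptions):
#   mount /dev/xvdf1 /mnt/rescue
#   ssh-keygen -t ed25519 -f ./recovery_key -N ''
#   install_pubkey /mnt/rescue ubuntu ./recovery_key.pub
#   umount /mnt/rescue

# install_pubkey <mounted-root> <user> <public-key-file>  (hypothetical helper)
install_pubkey() {
    mnt=$1; user=$2; pubfile=$3
    home="$mnt/home/$user"
    [ "$user" = root ] && home="$mnt/root"
    sshdir="$home/.ssh"
    auth="$sshdir/authorized_keys"

    [ -d "$home" ] || { echo "no home directory at $home" >&2; return 1; }
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Accept exactly one line, and only a public key: the private half
    # (the .pem / "BEGIN ... PRIVATE KEY" file) must never be copied here.
    [ "$(grep -c '' "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pubfile")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubfile is not an OpenSSH public key" >&2; return 1 ;;
    esac

    mkdir -p "$sshdir" && touch "$auth" || return 1

    # If the existing file lacks a trailing newline, add one so the new
    # key does not get glued onto the last existing entry.
    [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ] && echo >> "$auth"

    # Idempotent: append only when this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1

    # sshd's StrictModes ignores authorized_keys with loose modes or the
    # wrong owner; files created as root here would otherwise stay
    # root-owned, so copy the owner from the user's home directory.
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1
    chown --reference="$home" "$sshdir" "$auth"
}
```

Existing entries in authorized_keys are left in place, so any key that still works keeps working after the volume is re-attached.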


When you are setting up your AMIs going forward, set up cloud-init. On boot this will pull down the user data and process it accordingly. Therefore you can insert something like the following into the user data box while the AMI is stopped:

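#!/bin/bash
# cloud-init only runs user data as a script when it starts with "#!".
mkdir -p /root/.ssh/

# Write the replacement public key to its own file.
cat > /root/.ssh/keyname.pub <<EOF_PUB
ssh-rsa yourkeydata== keyname@wherever
EOF_PUB

# Append it to root's authorized_keys.
cat /root/.ssh/keyname.pub >> /root/.ssh/authorized_keys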

Again though, if your cloud-init packages are not installed and running, this will be ineffective. I have on more than one occasion had to recover locked-out AMIs from developers who don't save their keys. This is a godsend.


You can go to EC2 Dashboard, click on 'X Key Pair' (X is a number), Create Key pair. So give it a name, and an option to download it will appear.
