Skip to main content

Replacing SSH Keys For AWS Linux Instances

barellag
Forum|alt.badge.img

Hello all,

It's been a while since my last post - hope you're all doing well😀

I often come across customers struggling with lost or misplaced SSH keys when dealing with their Veeam Backup for AWS appliances. To assist those in need, I've put together a simple guide on replacing the SSH key, particularly useful for regaining access to your Linux instances, whether they are Veeam Backup for AWS appliances or any other Linux-based systems.

Let's dive into the steps:

Step 1: Generate a New Key

Start by creating a new key using the AWS CLI with the following command:

aws ec2 create-key-pair --key-name MyReplacementKey --query ‘KeyMaterial’ --output text > MyReplacementKey.pem

 

It will save the PEM file to the directory you are at when you run the command.

Remember to set the appropriate permissions for the key:

chmod 400 MyReplacementKey.pem

Now, generate the public key:

ssh-keygen -y -f MyReplacementKey.pem > MyPublicKey.pub

Step 2: Replace the Key

For this demonstration I launched an EC2 instance without a key:

On the terminal you will run the following AWS command:

aws ssm send-command --document-name AWS-RunShellScript --instance-ids i-09d134dae9acac5ad --parameters commands="touch /home/ec2-user/.ssh/authorized_keys && echo PASTE_PUB_CONTENT_HERE > /home/ec2-user/.ssh/authorized_keys",executionTimeout="3900"

Ensure to replace PASTE_PUB_CONTENT_HERE with the content from the public key file.

Step 3: Connect with the New Key

After executing the command, you should now be able to connect to the Linux instance using the new key.

 

Note: The key name on the AWS portal won't change. If it was initially missing, it will remain empty. If there was a previous name, it will persist. However, you can still connect seamlessly with the new key.

 

The steps mentioned above can also be performed through the AWS Console. However, for the sake of simplicity and efficiency, on this guide I utilized the AWS CLI. The command-line approach tends to be quicker and more straightforward.

Feel free to choose the method that suits your preference or environment best.

 

I hope this concise guide proves helpful. If you have any questions or run into issues, feel free to reach out.

 

Gabriel Barella | Senior Engineer | Advanced Tech Support @ Veeam Software | AWS SAA | Azure AA

3 comments

Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8495 comments
  • February 6, 2024

Very interesting post.  I don’t really use AWS much nor Linux, although I need to start being a Community Builder.  This might help nudge me to test.  Thanks for sharing this one.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
barellag
1 person likes this
  • barellag
    barellag
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4143 comments
  • February 6, 2024

Same as Chris..not an AWS user, but interesting nonetheless. I’ll be beginning to use SSH keys instead of credentials on my Linux OS Veeam components soon!

Thanks for the share @barellag 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
barellag
1 person likes this
  • barellag
    barellag
wesmrt
Forum|alt.badge.img+4
  • wesmrt
  • Veeam MVP
  • 226 comments
  • February 7, 2024

Great post @barellag 

We cross with so much customer that just lost the key-pair. :(
This is very useful!

Wesley Martins @ Senior Enginner at Veeam Technical Support - Public Cloud | My blog: https://itproland.com.br (PT-BR)
Chris.Childerhose
barellag
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • barellag
    barellag

Comment


Terms & Conditions