amazon web services - How to secure an AWS EC2 instance when the SSH key is compromised or lost -

-

i'm aws noob.

i had developer set ec2 instance load balancer host node.js-based api. has moved on company still have private key log in, if wanted to. want change keys.

from have read, need relaunch instance new key pair. however, if lose node packages, , other sw has been installed on current instance? happen load balancer? need need update dns info point new ip?

(once situated, time around create multiple key pairs devs use.)

thanks, steve

edit: yes, have private key , can need to. want make sure no longer has access.

  1. take ami of current instance backup purposes. reboot instance keep existing ip. not need remove elb. may need ami if you cannot connect in after changing key.
  2. login root user, existing key.
  3. from shell, run following commands:
  4. $ ssh-keygen -t rsa -b 2048 -f user - generates new key pair
  5. $ sudo su - - if needed
  6. $ cp /home/ubuntu/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys.bak - backup existing public key
  7. $ mv user.pub /home/ubuntu/.ssh/authorized_keys - replaces existing public key in authorized_keys file
  8. $ chmod 600 /home/ubuntu/.ssh/authorized_keys - change permissions on file
  9. copy private key (file called user) generated $ ssh-keygen command local machine , delete instance.
  10. connect instance new private key confirm. important: keep existing ssh session open , create new session new key.

if have problems on step 10 still have access existing session troubleshoot.

as cleanup make sure , remove old key pair aws console, , invalidate credentials if(!) not required existing services run. if granted developer root access aws console, should reset credentials.

note: these steps assume ubuntu installation. if using other linux type, replace \ubuntu correct aws username:

amazon linux: ec2-user   ubuntu  ubuntu debian  admin rhel 6.4 ec2-user    rhel 6.3 root

Comments

Post a Comment

Popular posts from this blog

ruby - Trying to change last to "x"s to 23 -

-
i have been playing around irb , have string looks this: irb(main):072:0> puts ["[\"4354 5432 5432 xxxxx\", \"6547 6547 8543 xxxxx\", \"2344 6543 6674 xxxxx\", \"2346 6236 7543 xxxxx\", \"1273 5585 5587 xxxxx\"]"] => nil irb(main):073:0> what want gsub last 2 "x" s of each 17 digit combination, 23 . what i've tried far (i've been using rubular): a.gsub(/\d[x]/,"23") <= grabs "x" s i'm close a.gsub(/\w[x{2}]/,"23") <= grabs "x" s grabs two digits each combination. is there easier way i'm not understanding? a.gsub(/\d{4} \d{4} \d{4} xxx\kxx/, '23') \d{4} = 4 digits what \k drop matched far. can use don't replace entire number, still able validate have in desired format.
Read more

jquery - Clone last and append item to closest class -

-
this bare-bones code on page: <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <di
Read more

c - Unrecognised emulation mode: elf_i386 on MinGW32 -

-
i'm trying make kernel, , cannot link c output assembly. ld . i'm getting error: unrecognized emulation mode: elf_i386 i'm using windows 10 professional mingw32 , msys. code using: link.ld /* * link.ld */ output_format(elf32-i386) entry(start) sections { . = 0x100000; .text : { *(.text) } .data : { *(.data) } .bss : { *(.bss) } } kernel.c /* * kernel.c */ void kmain(void) { const char *str = "my first kernel"; char *vidptr = (char*)0xb8000; //video mem begins here. unsigned int = 0; unsigned int j = 0; /* loops clears screen * there 25 lines each of 80 columns; each element takes 2 bytes */ while(j < 80 * 25 * 2) { /* blank character */ vidptr[j] = ' '; /* attribute-byte - light grey on black screen */ vidptr[j+1] = 0x07; j = j + 2; } j = 0; /* loop writes string video memory */ while(str[j] != '\0') { /
Read more