AWS EC2: replacing a lost SSH key
===
###### tags: `AWS`

A Linux instance launched in EC2 normally has an SSH key pair selected at launch. If no key pair was selected, or the private key has since been lost, getting back in is painful. The remaining ways onto the instance are:

1. A user account for which SSH password login was already enabled.
2. The console's browser-based connections: EC2 Instance Connect (which needs the `ec2-instance-connect` package on the AMI) and the EC2 Serial Console, which is limited to [supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-serial-console-prerequisites.html#sc-prereqs-instance-types) and still needs an OS account with a password.
3. AWS Systems Manager Session Manager, which needs the [SSM Agent and an instance role](https://docs.aws.amazon.com/zh_tw/systems-manager/latest/userguide/session-manager-prerequisites.html) already in place.
4. Letting user data re-apply an SSH key at boot, which is what the rest of this section does.

### **First pick the EC2 instance whose SSH key is lost**
![](https://hackmd.io/_uploads/HkhDH-84h.png)
### **Create a test key pair**
![](https://i.imgur.com/OBmH8cL.png)
### **Derive the public key from the downloaded private key on the command line**
```
ssh-keygen -y -f SSHkey-test.pem
```
![](https://i.imgur.com/HTujvcF.png)
### **Edit the user data**
Paste the following cloud-config template into the instance's user data. The line `- [users-groups, once]` under `cloud_final_modules` makes cloud-init run its users-groups module again at the next boot (normally that module only runs on the instance's first boot), so the key listed under `ssh-authorized-keys` is appended to the user's `~/.ssh/authorized_keys`. Current cloud-init spells that key `ssh_authorized_keys`; the hyphenated form used here (and in AWS's own documentation) is still accepted as a legacy alias.
```
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: username
    ssh-authorized-keys:
    - PublicKeypair
```
### **Confirm the user name**
Use the AMI's default login user (`ec2-user` on Amazon Linux; the console's Connect dialog shows it). A name that does not exist on the instance would be created as a brand-new user with this key, so a typo here silently adds an extra account.
![](https://i.imgur.com/pizhweL.png)
### **Add the public key to the user data**
```
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: ec2-user
    ssh-authorized-keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgVfG/bGQglvbKebvVrmoOrVq5asDIRhicEICQNYaSM2lFWoR75++9P0kl6eQKZzIs/wve0O2RrzBGpeyfarCbVROjUQUNCrNnmvTztLPgSMmjyAXLSvnNxJQVnRVxeQKs1m57sUU4AWfXx60Jt5wnIdKvcEqyEt2FPNnHzBSsO+K36y3uZ4uogfiuqRuHmTb7lWWDPp7qog/k18LD1lvbjpa7Axzei1caohbCH5MYHIgTwgV1MBQ5ex11hN0ZEwxaKbTK3zATpTWqEbazl9aLti9TP936yqKz9Cphzai/Udxzcaa7ALM9K0VkAWzzjNLKqA8t8T/8IQJhk/B3EBkh
```
### **Stop the instance, save the user data, then start it again**
User data can only be edited while the instance is stopped; cloud-init applies it on the following boot.
※ Note: without an Elastic IP, the public IP address may change after a stop/start.
![](https://i.imgur.com/snIhRvd.png)
### **Now copy the SSH command**
![](https://i.imgur.com/Qd9GdI4.png)
### **Switch to the new key file name and connect: login succeeds**
![](https://i.imgur.com/cIVH4vK.png)
### **Test with an instance launched without any key pair**
![](https://hackmd.io/_uploads/S16eHb8Vh.png)
### **SSH login succeeds the same way**
![](https://i.imgur.com/R4Nc1a0.png)

※ Once you are back in, check `~/.ssh/authorized_keys`: the cloud-config only appends, so the old public key is still listed. If the old private key was lost rather than destroyed it can still open the instance, so delete that line. Anyone with `ec2:ModifyInstanceAttribute` plus stop/start rights on an instance can inject a key the same way, so treat those permissions as equivalent to root on the instance. User data is also readable by any principal with `ec2:DescribeInstanceAttribute` and from the instance metadata service, which is fine for a public key but never for a secret.

---
AWS EC2: replacing a lost RDP key
===
### **First pick the EC2 instance whose RDP key is lost**
![](https://hackmd.io/_uploads/HJcRzZL4h.png)
### **Create a test key pair**
![](https://hackmd.io/_uploads/HkIYmWIV3.png)
### **Create an AMI from the instance with the lost key**
![](https://hackmd.io/_uploads/HyWWVb8Nn.png)
### **Give it a recognisable name**
![](https://hackmd.io/_uploads/B1WIUbUV3.png)
### **Wait for the AMI status to become available**
![](https://hackmd.io/_uploads/HyuIP-8Nh.png)
### **Create an IAM role**
![](https://hackmd.io/_uploads/HJ5w_-84h.png)
**Choose AmazonSSMManagedInstanceCore; this is the permission set an EC2 instance needs to register with Systems Manager**
![](https://hackmd.io/_uploads/SJTkY-LV2.png)
Enter the role name
![](https://hackmd.io/_uploads/B1siYbI4h.png)
### **Stop the instance with the lost key**
※ Note: without an Elastic IP, the public IP address may change.
![](https://hackmd.io/_uploads/SJAU5-IV3.png)
### **Launch an instance from the AMI just created, selecting the new key pair and the role**
![](https://hackmd.io/_uploads/r1uhaZL4n.png)
### **The new key pair cannot decrypt the existing Administrator password**
The instance launched from the AMI still carries the original Administrator password, which EC2 encrypted under the lost key pair; the new key pair cannot retrieve it, so the password has to be reset through Systems Manager Fleet Manager instead.
![](https://hackmd.io/_uploads/ryodxGUN3.png)
### **First enable KMS encryption in the Session Manager preferences**
Fleet Manager's password reset is only offered when Session Manager sessions are encrypted with a KMS key.
※ Note: if you create your own KMS key, select that newly created key here.
![](https://hackmd.io/_uploads/HyGvEMUEn.png)
### **Configure the KMS key**
![](https://hackmd.io/_uploads/BkZCNGIEh.png)
**Set the name**
![](https://hackmd.io/_uploads/SJCZHMI4h.png)
**Add the role created earlier as a key user, so the instance can use the key for the session**
![](https://hackmd.io/_uploads/SkRNIzI4h.png)
**Review the configuration**
![](https://hackmd.io/_uploads/HkNh8fUNn.png)
**Created**
![](https://hackmd.io/_uploads/r1WewzLNh.png)
### **Reset the password**
![](https://hackmd.io/_uploads/BkyIPf8V3.png)
**User name: Administrator**
![](https://hackmd.io/_uploads/BJitPGUE2.png)
**Reset complete**
![](https://hackmd.io/_uploads/HJnZYMIV3.png)
### **Test login succeeds**
![](https://hackmd.io/_uploads/rJGO5MI4h.png)
### **Delete the test resources and terminate the original instance with the lost password**
Deregistering the AMI does not delete its EBS snapshot, so delete that as well; if the KMS key was created only for this exercise, schedule its deletion. The recovered machine is a new instance with a new instance ID, so re-associate any Elastic IP and re-check security groups and anything that referenced the old ID.

---
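The Linux key-recovery procedure from the first section of this page (derive the public key, build the cloud-config user data, stop, write, start), driven from the AWS CLI instead of the console. This is an added example and not part of the original note. It assumes AWS CLI v2 and `ssh-keygen` on the PATH, credentials allowed to stop, start, describe and modify the target instance, and that the `--attribute userData --value` form sends the string verbatim, so the MIME document is base64-encoded here before upload; the script reads the stored attribute back and compares it, which catches a double encoding or a bad paste before the instance is started. The instance ID, user name and key file on the usage line are placeholders. It also refuses anything that is not an OpenSSH public key line, since user data is readable by every principal with `ec2:DescribeInstanceAttribute`.

```shell
#!/bin/sh
# Added example: CLI version of the user-data key recovery. Not from the original note.
set -eu

# Accept only an OpenSSH public key line; refuse private-key material or other
# pasted junk, because user data is world-readable inside the account.
check_pubkey() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp"*|"sk-ssh-ed25519@openssh.com "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit the multipart cloud-config document used in the note, with the login
# user and public key substituted in. The closing "--//--" boundary ends the
# MIME part properly.
build_userdata() {
    user="$1"; pub="$2"
    check_pubkey "$pub" || { echo "build_userdata: not an OpenSSH public key" >&2; return 1; }
    cat <<EOF
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: $user
    ssh-authorized-keys:
    - $pub
--//--
EOF
}

# base64 without line wrapping, portable across GNU and BSD base64.
b64() { base64 | tr -d '\n'; }

# Stop the instance, write the user data, verify what EC2 stored, start it
# again and print the (possibly new) public IP.
apply_userdata() {
    instance="$1"; user="$2"; keyfile="$3"
    pub="$(ssh-keygen -y -f "$keyfile")"          # public half of the new .pem
    doc="$(build_userdata "$user" "$pub")"
    aws ec2 stop-instances --instance-ids "$instance" >/dev/null
    aws ec2 wait instance-stopped --instance-ids "$instance"
    # Assumption: this form is sent as-is by the CLI, so encode it ourselves.
    aws ec2 modify-instance-attribute --instance-id "$instance" \
        --attribute userData --value "$(printf '%s\n' "$doc" | b64)"
    stored="$(aws ec2 describe-instance-attribute --instance-id "$instance" \
        --attribute userData --query 'UserData.Value' --output text | base64 -d)"
    [ "$stored" = "$doc" ] || { echo "stored user data differs from what was sent" >&2; return 1; }
    aws ec2 start-instances --instance-ids "$instance" >/dev/null
    aws ec2 wait instance-running --instance-ids "$instance"
    # Without an Elastic IP the public address can change across a stop/start.
    aws ec2 describe-instances --instance-ids "$instance" \
        --query 'Reservations[0].Instances[0].PublicIpAddress' --output text
}

# Usage (placeholders): sh recover-key.sh apply i-0123456789abcdef0 ec2-user SSHkey-test.pem
if [ "${1:-}" = "apply" ]; then
    ip="$(apply_userdata "$2" "$3" "$4")"
    echo "ssh -i $4 $3@$ip"
fi
```

After the first successful login, open `~/.ssh/authorized_keys` on the instance and remove the line for the lost key; the cloud-config appends and never removes.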
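The CLI side of the Windows password-reset procedure in the second section: the IAM role with `AmazonSSMManagedInstanceCore` and its instance profile, a check that the instance launched from the AMI is actually reporting to Systems Manager, and a check that the Session Manager preferences document (`SSM-SessionManagerRunShell`) names a KMS key, which the Fleet Manager password reset requires. This is an added example, not the note's own material. It assumes AWS CLI v2 with IAM, EC2 and SSM permissions; the role name is a placeholder; the KMS key is assumed to exist already with the role added as a key user, as in the console steps above. The preferences parser works on a JSON string so it can be tried offline.

```shell
#!/bin/sh
# Added example: role creation and readiness checks for the Fleet Manager reset. Not from the original note.
set -eu

ROLE_NAME="${ROLE_NAME:-ec2-ssm-recovery}"   # placeholder name

# Trust policy letting EC2 assume the role (the "AWS service: EC2" choice in
# the console role wizard).
ec2_trust_policy() {
    cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Create the role and instance profile and attach the managed SSM policy.
create_ssm_role() {
    aws iam create-role --role-name "$ROLE_NAME" \
        --assume-role-policy-document "$(ec2_trust_policy)" >/dev/null
    aws iam attach-role-policy --role-name "$ROLE_NAME" \
        --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
    aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" >/dev/null
    aws iam add-role-to-instance-profile \
        --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

# Pull kmsKeyId out of a Session Manager preferences document body.
# Prints the key id or alias, or nothing when encryption is not configured.
session_prefs_kms_key() {
    printf '%s' "$1" | tr -d '\n' \
      | sed -n 's/.*"kmsKeyId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Only an Online node can take a password reset; ConnectionLost or Inactive
# means the agent is not talking to SSM (role missing, no network path, old agent).
ssm_ready() {
    [ "$1" = "Online" ]
}

# Live checks against the account for the instance launched from the AMI.
verify_instance() {
    instance="$1"
    status="$(aws ssm describe-instance-information \
        --filters "Key=InstanceIds,Values=$instance" \
        --query 'InstanceInformationList[0].PingStatus' --output text)"
    ssm_ready "$status" || { echo "$instance not managed by SSM (PingStatus=$status)" >&2; return 1; }
    prefs="$(aws ssm get-document --name SSM-SessionManagerRunShell --query Content --output text)"
    key="$(session_prefs_kms_key "$prefs")"
    [ -n "$key" ] || { echo "Session Manager preferences carry no KMS key; password reset will be refused" >&2; return 1; }
    echo "instance $instance Online, session encryption key $key"
}

# Usage (placeholders): sh ssm-prep.sh create-role
#                       sh ssm-prep.sh verify i-0123456789abcdef0
if [ "${1:-}" = "create-role" ]; then create_ssm_role; fi
if [ "${1:-}" = "verify" ]; then verify_instance "$2"; fi
```

IAM is eventually consistent, so a freshly created instance profile can be rejected by `run-instances` for a few seconds; and a node that shows `ConnectionLost` right after launch usually just needs a minute for the agent to pick up the role from the metadata service.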