How to change password of AWS EC2 instance

Solution 1

You need to change the keys. On your instance, use ssh-keygen to do this, e.g.:

ssh-keygen -t rsa -b 2048
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:
35:dc:34:c2:98:89:8b:4a:e2:f7:71:ad:09:02:83:57 [email protected]

Now you have a public key (/root/.ssh/id_rsa.pub) that needs to be added to the /root/.ssh/authorized_keys file:

cd $HOME/.ssh
cp authorized_keys authorized_keys.safe
cat id_rsa.pub >> authorized_keys

You'll have to remove the old key from the authorized_keys file later.

Don't log out.

Copy the new private key (/root/.ssh/id_rsa) to your Windows machine and use PuTTYgen to import and save it like you did previously.

Check that you can log in using your new keys. If you can, then remove the old key from your instance.

cat id_rsa.pub > authorized_keys

Don't log out.

Now check again that you can log in using your new keys.


You really shouldn't use the root account in this manner. You should create separate user accounts for everyone that needs access to your system. You should then use sudo to grant them access to the commands they need to do the job. Sudo is part of the base install for most (all?) Linux distros.

Solution 2

Create a new public ssh login key (see https://help.ubuntu.com/community/SSH/OpenSSH/Keys) and add it to /root/.ssh/authorized_keys. Test and, when successful, remove the old key.

Change the root password or, better, disable password-based logins (see https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#disable-password-authentication).

Also check the sudo permissions (using visudo) and user accounts (/etc/passwd).

Changing the password of the key does not prevent access from others. It's just your copy. That is the reason why you should not share a private cryptokey.
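
A check that fits the "remove the old key" step in both answers, as an added example that is not part of either answer: it lists every authorized_keys entry other than the new key and prunes the file only if the new key is already installed. The function names (key_blob, stale_keys, prune_to_new_key) are hypothetical, the demo key blobs are constructed placeholders, and it assumes you run it as the account that owns the file.

```shell
#!/bin/sh
# Assumption: the key blob is the first field starting with "AAAA" (an
# OpenSSH key blob starts with three zero bytes, which encode as AAAA).

# Print the base64 key blob found on stdin (a .pub file or one entry).
key_blob() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }'
}

# stale_keys AUTH_FILE NEW_PUB
# List every entry whose blob is not the new key, as "line: type comment".
stale_keys() {
    new_blob=$(key_blob < "$2")
    [ -n "$new_blob" ] || { echo "no public key in $2" >&2; return 2; }
    awk -v new="$new_blob" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) {
                if ($i != new) print NR ": " (i > 1 ? $(i-1) : "?") " " $(i+1)
                next
            }
            print NR ": unparsed entry"
        }' "$1"
}

# prune_to_new_key AUTH_FILE NEW_PUB
# Keep only the new key's entry. Refuses unless that key is already
# installed, so a wrong NEW_PUB cannot empty the file and lock you out.
prune_to_new_key() {
    auth=$1
    new_blob=$(key_blob < "$2")
    [ -n "$new_blob" ] || { echo "no public key in $2" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    awk -v new="$new_blob" \
        '{ for (i = 1; i <= NF; i++) if ($i == new) { print; next } }' "$auth" > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "new key is not in $auth; add and test it first" >&2
        return 1
    fi
    # Same backup name the answer uses; the final rename is atomic.
    cp -p "$auth" "$auth.safe" && chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Demo on constructed data (placeholder blobs, not real keys).
d=$(mktemp -d)
printf 'ssh-rsa AAAAnewCONSTRUCTED root@new\n' > "$d/new.pub"
printf 'ssh-rsa AAAAoldCONSTRUCTED shared@old\n' > "$d/authorized_keys"
cat "$d/new.pub" >> "$d/authorized_keys"
stale_keys "$d/authorized_keys" "$d/new.pub"    # reports the shared key
rm -rf "$d"
```

Empty output from stale_keys after pruning means only the new key can still log in through that file; other accounts' authorized_keys files need the same check.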

Author by

Pawan

Darth Coder

Updated on September 18, 2022

Comments

  • Pawan over 1 year

    I am logging in to my AWS EC2 instance using WinSCP/PuTTY as root using a .ppk file which has imported-openssh-key.

    Earlier it was shared with many ppl, who are all gone, so now I have to change it in such a way that no one else can access it.

    I tried to search about it on the internet but couldn't find anything. Thanks in advance :)

    • mgorven almost 12 years
      Are you referring to the password on the key, or the password on the root system account?
    • Pawan almost 12 years
      How can I change the password of the key? Will it prevent others from access?
    • Pawan almost 12 years
      I am not sure if there are other ways to log in to the server (I am new to AWS). If others can log in by any other means as root, I have to prevent that too.
  • Pawan almost 12 years
    It worked like a charm... all set correctly :)