How to change password of AWS EC2 instance
Solution 1
You need to change the keys. On your instance use ssh-keygen to do this e.g.
ssh-keygen -t rsa -b 2048
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
35:dc:34:c2:98:89:8b:4a:e2:f7:71:ad:09:02:83:57 [email protected]
Now you have a public key (/root/.ssh/id_rsa.pub) that needs to be added to the /root/.ssh/authorized_keys file.
cd $HOME/.ssh
cp authorized_keys authorized_keys.safe
cat id_rsa.pub >> authorized_keys
You'll have to remove the old key from the authorized_keys file later.
Don't log out.
Copy the new private key (/root/.ssh/id_rsa) to your Windows machine and use puttygen to import and save it like you did previously.
Check that you can log in using your new keys. If you can then remove the old key from your instance.
cat id_rsa.pub > authorized_keys
Don't log out.
Now check again that you can log in using your new keys
You really shouldn't use the root account in this manner. You should create separate user accounts for everyone that needs access to your system. You should then use sudo to grant them access to the commands they need to do the job. Sudo is part of the base install for most (all?) Linux distros.
Solution 2
Create a new public SSH login key (see https://help.ubuntu.com/community/SSH/OpenSSH/Keys) and add it to /root/.ssh/authorized_keys. Test and when successful remove the old key.
Change the root password or better disable password based logins (see https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#disable-password-authentication).
Also check the sudo permissions (using visudo) and user accounts (/etc/passwd).
Changing the password of the key does not prevent access from others. It's just your copy. That is the reason why you should not share a private cryptokey.
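The end state both solutions aim for (only the new key left in authorized_keys, password logins off, known login accounts) can be checked with a few shell functions. This is an added example, not part of either answer; the function names are hypothetical and the sample files and key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the answers above. Paths are arguments, so the
# checks can be tried on copies of the files first.

# Key lines of an authorized_keys file (blank and comment lines skipped).
list_keys() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# Count entries in authorized_keys ($1) that are not the key in the .pub
# file ($2). Compares key type + base64 blob; options and the trailing
# comment are ignored. Lines with no recognisable key type count as foreign.
count_foreign_keys() {
    want=$(awk '{print $1 " " $2; exit}' "$2")
    list_keys "$1" | awk -v want="$want" '
        { k = ""
          for (i = 1; i < NF; i++)
              if ($i ~ /^(ssh-|ecdsa-|sk-)/) { k = $i " " $(i + 1); break }
          if (k != want) n++ }
        END { print n + 0 }'
}

# First global PasswordAuthentication value in an sshd_config ($1); sshd
# defaults to "yes" when unset. Match blocks and Include files are not
# followed (simplification); `sshd -T` on the host shows the effective value.
password_auth_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { print tolower($2); f = 1; exit }
         END { if (!f) print "yes" }' "$1"
}

# Accounts in a passwd file ($1) whose shell is not nologin/false.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Demo on constructed sample data (key blobs are placeholders, not real keys).
d=$(mktemp -d)
printf 'ssh-rsa AAAAnewKEYplaceholder root@new\n' > "$d/id_rsa.pub"
printf '%s\n' '# shared key from before' \
    'ssh-rsa AAAAoldKEYplaceholder imported-openssh-key' \
    'no-pty ssh-rsa AAAAnewKEYplaceholder root@new' > "$d/authorized_keys"
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$d/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' > "$d/passwd"
echo "foreign keys: $(count_foreign_keys "$d/authorized_keys" "$d/id_rsa.pub")"
echo "password auth: $(password_auth_setting "$d/sshd_config")"
echo "login accounts: $(login_accounts "$d/passwd")"
rm -rf "$d"
```

A foreign-key count above 0 after rotation means an old key is still accepted; run the count against the authorized_keys file of every account that login_accounts reports, not only root.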
Comments
-
Pawan over 1 year
I am logging in to my AWS EC2 instance using winscp/putty as root using a .ppk file which has imported-openssh-key.
Earlier it was shared with many people, who are all gone, so now I have to change it in such a way that no one else can access it.
I tried to search about it on the internet but couldn't find anything. Thanks in advance :)
-
mgorven almost 12 years
Are you referring to the password on the key, or the password on the root system account?
-
Pawan almost 12 years
How can I change the password of the key? Will it prevent others from access?
-
Pawan almost 12 years
I am not sure if there are other ways to log in to the server (I am new to AWS). If others can log in by any other means as root, I have to prevent that too.
-
Pawan almost 12 years
It worked like a charm... all set correctly :)