If you are completely locked out of Ubuntu by losing your key pair or root password, do not panic. there is a way to reset your key pair or root password.
Follow these steps to restore your keypair/password to be able to gain access again. These steps should work on any Linux but it was only tested on Ubuntu on AWS from my side.
If you lost the root password:
- Login on your AWS console
- Go to EC2 and create a new temporary instance.
- Stop both temporary and old instances.
- Take note of Device Root Name (example /dev/sda1 ) in the original server and find this device name and make note of the volume ID (for example, vol-0a1234b5678c910de). Also, take note of the Availability Zone as it must be the same as the temp instance.
- Detach the Elastic Block Store (EBS) from the old instance
- Attach the same EBS to the temporary instance on /dev/sdf .
- Start the temporary instance (be aware that Subnet in the temp must be the same as the original – Availability Zone).
- You should be able to use the key pair generated to access the server.
- Once accessed via SSH, create a directory and call it anything. Let’s say “oldebs”.
- Locate the attached EBS
sudo fdisk -l
Results will look like the following. Locate your driver.
Disk /dev/nvme1n1: 64 GiB, 68719476736 bytes, 134217728 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: XXXX Device Boot Start End Sectors Size Id Type /dev/nvme1n1p1 * 2048 134217694 134215647 64G 83 Linux Disk /dev/nvme0n1: 8 GiB, 8589934592 bytes, 16777216 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: XXXX Device Boot Start End Sectors Size Id Type /dev/nvme0n1p1 * 2048 16777182 16775135 8G 83 Linux
The last line should be your attached drive
- Mount the EBS that was attached to the new directory (oldebs).
In the example above, the attached storage was renamed to nvme0n1.
mount /dev/nvme0n1 oldebs
You might need to access root before doing that
- Edit the ssh config file to enable access via key pair and disable access via root password.
And set the following
PermitRootLogin yes PubkeyAuthentication yes PasswordAuthentication no
- Save all the changes.
- Stop the temporary instance.
- Detach the EBS from the temporary instance and attach it to the old instance.
- Start the old instance.
- You should be able to use your key pair that was generated when you created your old instance.
- Access the server via SSH using Pubkey.
- Change your root password.
- Disable key pair access and enable root password access for the SSH config file.
And set the following
PermitRootLogin yes PubkeyAuthentication no PasswordAuthentication yes
- You might need to restart SSH.
sudo systemctl restart sshd
- Don’t forget to stop the temporary password to avoid extra charges by AWS.
If you lost the Key Pair: