I Forgot my Root Password or Lost my Key Pair

Lost My Key Pair or root Password on Ubuntu AWS

If you are completely locked out of Ubuntu because you lost your key pair or root password, do not panic. There is a way to reset your key pair or root password.

Follow these steps to restore your key pair/password and regain access. These steps should work on any Linux distribution, but I have only tested them on Ubuntu on AWS.

If you lost the root password:

  1. Log in to your AWS console.
  2. Go to EC2 and create a new temporary instance.
  3. Stop both temporary and old instances.
  4. Take note of the Root device name (example /dev/sda1) of the original server, find this device, and make note of its volume ID (for example, vol-0a1234b5678c910de). Also take note of the Availability Zone, as it must be the same as that of the temporary instance.
  5. Detach the Elastic Block Store (EBS) from the old instance
  6. Attach the same EBS to the temporary instance on /dev/sdf.
  7. Start the temporary instance (be aware that the subnet of the temporary instance must be in the same Availability Zone as the original).
  8. You should be able to use the key pair generated for the temporary instance to access it.
  9. Once accessed via SSH, create a directory and call it anything. Let’s say “oldebs”.
    mkdir oldebs
  10. Locate the attached EBS
    sudo fdisk -l

    Results will look like the following. Locate your drive.

    Disk /dev/nvme1n1: 64 GiB, 68719476736 bytes, 134217728 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: dos
    Disk identifier: XXXX
    
    Device         Boot Start       End   Sectors Size Id Type
    /dev/nvme1n1p1 *     2048 134217694 134215647  64G 83 Linux
    
    
    Disk /dev/nvme0n1: 8 GiB, 8589934592 bytes, 16777216 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: dos
    Disk identifier: XXXX
    
    Device         Boot Start      End  Sectors Size Id Type
    /dev/nvme0n1p1 *     2048 16777182 16775135   8G 83 Linux
    

    The last line should be your attached drive.

  11. Mount the EBS that was attached to the new directory (oldebs).
    Note: Newer Linux kernels may rename your devices to /dev/xvdf through /dev/xvdp internally, even when the device name entered here (and shown in the details) is /dev/sdf through /dev/sdp.
    In the example above, the attached storage was renamed to nvme0n1. Mount its partition (the last line of the fdisk output), not the whole disk.

    mount /dev/nvme0n1p1 oldebs

    You might need to access root before doing that

    sudo su
  12. Edit the SSH config file on the mounted volume (under oldebs, not the temporary instance's own /etc/ssh) to enable access via key pair and disable access via root password.
    vi oldebs/etc/ssh/sshd_config

    And set the following

    PermitRootLogin yes
    PubkeyAuthentication yes
    PasswordAuthentication no
  13. Save all the changes.
  14. Stop the temporary instance.
  15. Detach the EBS from the temporary instance and attach it to the old instance.
  16. Start the old instance.
  17. You should be able to use your key pair that was generated when you created your old instance.
  18. Access the server via SSH using Pubkey.
    Note: If the instance still asks for a password, reboot the instance.
  19. Change your root password.
  20. Disable key pair access and enable root password access in the SSH config file.
    vi /etc/ssh/sshd_config

    And set the following

    PermitRootLogin yes
    PubkeyAuthentication no
    PasswordAuthentication yes
  21. You might need to restart SSH.
    sudo systemctl restart sshd
  22. Don’t forget to stop the temporary instance to avoid extra charges by AWS.
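
Steps 12 and 20 edit sshd_config by hand. As an added example (not part of the original post), the functions below apply such settings to the file on a mounted volume, keep a backup, and place the new lines first so that an earlier line or an Include cannot override them. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin sshd options on an offline root volume mounted at ROOT.
# sshd keeps the FIRST value it reads per keyword, so the new settings go at
# the top of the file, ahead of any Include line or Match block.

# usage: set_sshd_opts ROOT KEY=VALUE...
set_sshd_opts() {
    root=$1; shift
    cfg="$root/etc/ssh/sshd_config"
    [ -f "$cfg" ] || { echo "no sshd_config under $root" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak.$(date +%s)" || return 1   # rollback copy
    tmp=$(mktemp) || return 1
    keys=""
    for kv in "$@"; do
        printf '%s %s\n' "${kv%%=*}" "${kv#*=}" >> "$tmp"
        keys="$keys ${kv%%=*}"
    done
    # Append the old file, commenting out earlier global settings of the same
    # keywords; lines inside Match blocks are left untouched.
    awk -v keys="$keys" '
        BEGIN { n = split(tolower(keys), k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        tolower($1) == "match" { in_match = 1 }
        !in_match && (tolower($1) in want) { print "#" $0; next }
        { print }
    ' "$cfg" >> "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# usage: first_sshd_value ROOT KEY  (first value set in the main config file)
first_sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' \
        "$1/etc/ssh/sshd_config"
}

# Constructed sample tree standing in for the mounted volume (not real data)
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/ssh"
cat > "$demo_root/etc/ssh/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PubkeyAuthentication yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
set_sshd_opts "$demo_root" PermitRootLogin=yes PubkeyAuthentication=yes \
    PasswordAuthentication=no
first_sshd_value "$demo_root" PasswordAuthentication   # prints: no
```

For the volume mounted in step 11, the call would be `set_sshd_opts oldebs PermitRootLogin=yes PubkeyAuthentication=yes PasswordAuthentication=no`, run as root.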

If you lost the Key Pair:

Coming soon
