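I've been given access to the AWS console for an account that has two running instances which I can't shut down (they are in production). I would, however, like to gain SSH access to these instances. Is it possible to create a new keypair and apply it to the instances so that I can SSH in? Obtaining the existing pem file for the keypair the instances were created with is currently not an option.

If this is not possible, is there some other way I can get into the instances?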


Current answer

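I ran into this before (no access to an EC2 instance that someone else created, but access to the AWS web console), and I found the answer in a blog post: http://readystate4.com/2013/04/09/aws-gaining-ssh-access-to-an-ec2-instance-you-lost-access-to/

Basically, you can detach the EBS drive and attach it to an EC2 instance that you do have access to. Add your SSH public key to ~ec2-user/.ssh/authorized_keys. Then put it back on the old EC2 instance. The link has step-by-step instructions using an Amazon AMI.

There is no need to make snapshots or create a new cloned instance.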

Other answers

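For Elastic Beanstalk environments, you can apply a key pair to a running instance like this:

- Create a key pair from EC2 -> Key Pairs (under the Network & Security tab)
- Go to Elastic Beanstalk and click on your application
- Go to Configuration -> Security and click Edit
- Choose your EC2 key pair and click Apply
- Click Confirm to confirm the update. It will terminate the environment and apply the key pair to your environment.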

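I didn't find an easy way to add a new key pair via the console, but you can do it manually.

Just SSH into your EC2 box with the existing key pair. Then edit ~/.ssh/authorized_keys and add the new key on a new line. Exit and SSH in from the new machine. Success!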

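Although you can't add a key pair to a running EC2 instance directly, you can create a Linux user and create a new key pair for him, then use it just as you would use the original user's key pair.

In your case, you can ask the instance owner (the person who created the instance) to do the following. That way, the instance owner doesn't have to share his own key with you, but you will still be able to SSH into these instances. These steps were originally posted by Utkarsh Sengar (aka @zengr) at http://utkarshsengar.com/2011/01/manage-multiple-accounts-on-1-amazon-ec2-instance/. I've made only a few small changes.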

Step 1: login by default “ubuntu” user:

    $ ssh -i my_orig_key.pem ubuntu@111.111.11.111

Step 2: create a new user, we will call our new user “john”:

    [ubuntu@ip-11-111-111-111 ~]$ sudo adduser john

Set password for “john” by:

    [ubuntu@ip-11-111-111-111 ~]$ sudo su -
    [root@ip-11-111-111-111 ubuntu]# passwd john

Add “john” to sudoer’s list by:

    [root@ip-11-111-111-111 ubuntu]# visudo

.. and add the following to the end of the file:

    john ALL = (ALL) ALL

Alright! We have our new user created, now you need to generate the key file which will be needed to login, like we have my_orig_key.pem in Step 1.

Now, exit and go back to ubuntu, out of root.

    [root@ip-11-111-111-111 ubuntu]# exit
    [ubuntu@ip-11-111-111-111 ~]$

Step 3: creating the public and private keys:

    [ubuntu@ip-11-111-111-111 ~]$ su john

Enter the password you created for “john” in Step 2. Then create a key pair. Remember that the passphrase for key pair should be at least 4 characters.

    [john@ip-11-111-111-111 ubuntu]$ cd /home/john/
    [john@ip-11-111-111-111 ~]$ ssh-keygen -b 1024 -f john -t dsa
    [john@ip-11-111-111-111 ~]$ mkdir .ssh
    [john@ip-11-111-111-111 ~]$ chmod 700 .ssh
    [john@ip-11-111-111-111 ~]$ cat john.pub > .ssh/authorized_keys
    [john@ip-11-111-111-111 ~]$ chmod 600 .ssh/authorized_keys
    [john@ip-11-111-111-111 ~]$ sudo chown john:ubuntu .ssh

In the above step, john is the user we created and ubuntu is the default user group.

    [john@ip-11-111-111-111 ~]$ sudo chown john:ubuntu .ssh/authorized_keys

Step 4: now you just need to download the key called “john”. I use scp to download/upload files from EC2, here is how you can do it.

You will still need to copy the file using ubuntu user, since you only have the key for that user name. So, you will need to move the key to ubuntu folder and chmod it to 777.

    [john@ip-11-111-111-111 ~]$ sudo cp john /home/ubuntu/
    [john@ip-11-111-111-111 ~]$ sudo chmod 777 /home/ubuntu/john

Now come to local machine’s terminal, where you have my_orig_key.pem file and do this:

    $ cd ~/.ssh
    $ scp -i my_orig_key.pem ubuntu@111.111.11.111:/home/ubuntu/john john

The above command will copy the key “john” to the present working directory on your local machine. Once you have copied the key to your local machine, you should delete “/home/ubuntu/john”, since it’s a private key.

Now, on your local machine chmod john to 600.

    $ chmod 600 john

Step 5: time to test your key:

    $ ssh -i john john@111.111.11.111

So, in this manner, you can set up multiple users to use one EC2 instance!!
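
As an added example (not part of this answer or of the linked posts): a POSIX shell function that installs only a public key into an account's authorized_keys, so the key pair can be generated on your own machine and the private half never sits on the instance. The function name `install_pubkey`, the file name `john_ec2` and the paths are assumptions for illustration.

```sh
# Added example. Generate the key pair on your own machine, for instance
#   ssh-keygen -t ed25519 -f ~/.ssh/john_ec2
# then copy only john_ec2.pub to the instance and run install_pubkey there.
# install_pubkey, john_ec2 and all paths are illustrative names.

# install_pubkey HOME_DIR PUBKEY_FILE
# Adds the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys exactly once.
# The body runs in a subshell, so its variables do not leak to the caller.
install_pubkey() (
    home_dir=$1
    pubkey_file=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # A .pub file holds exactly one non-empty line; a private key does not.
    [ "$(grep -c . "$pubkey_file" 2>/dev/null)" = 1 ] || {
        echo "install_pubkey: expected exactly one key line" >&2; exit 2; }
    key=$(grep . "$pubkey_file")

    # Accept only OpenSSH public key lines of a current key type.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "install_pubkey: not an OpenSSH public key" >&2; exit 2 ;;
    esac

    # Modes that sshd's default StrictModes check accepts: 700 dir, 600 file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)
```

When it is run as root for another account, follow it with `chown -R john: /home/john/.ssh` so the files belong to that user.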

You can add a new key to the instance with the following command:

ssh-copy-id -i ~/.ssh/id_rsa.pub domain_alias

domain_alias can be configured in ~/.ssh/config:

host domain_alias
  User ubuntu
  Hostname domain.com
  IdentityFile ~/.ssh/ec2.pem

Actually, you can add a key pair through the Elastic Beanstalk configuration page. It then restarts your instance for you and everything works.