Steps to login to EC2 Linux Instance without SSH keypair

In this blog, we will show you the steps to login to EC2 Linux Instance without SSH Keypair.

ENVIRONMENT OVERVIEW

• We have created an EC2 Linux Instance without a key pair.

CREATING IAM ROLE

• Open the IAM service from the AWS Management Console.

• Click on Roles Option.

• Then click on Create role button.

• Select the EC2 service and click on the Next button.

• Search for AmazonEC2RoleforSSM and select it and click on Next.

• We haven’t added any Tags for this demo. Click on Next.

• Provide the name and description for this role and click on Create role button.

• The role has been created successfully.

ADDING INLINE POLICY

• Open the newly created role and click on Add Inline Policy.

• Click on JSON Tab and paste the below script.

{
   “Version”: “2012-10-17”,
   “Statement”: [
     {
       “Effect”: “Allow”,
       “Action”: [
         “ssm:PutParameter”
       ],
       “Resource”: [
         “arn:aws:ssm:region:account_id:parameter/EC2Rescue/Passwords/<instanceid>“
       ]
     }
   ]
}

• Update the region, account ID and Instance ID and click on Review policy.

• Provide a name and click on create policy.

• The In-policy is created successfully.

CREATING AN ENCRYPTION KEY

• Search for KMS in the AWS Management console.

• Click on the Customer Managed Keys.

• Click on the create key button.

• Provide the Alias and Description and click on the Next button.

• No tags were provided for this key. Click Next to continue.

• Search for the role which we created earlier and select it.

• Select the same IAM role which we created earlier to Define key usage permissions and click Next.

• Review the policy and click on the Finish button.

ATTACH AN IAM ROLE TO AN INSTANCE

• Open the EC2 Management Dashboard and click on the Instances link.

• Select the instance and click on Actions – Instance Settings – Attach/Replace IAM Role link.

• Select our newly created IAM role from the drop-down list and click on the Apply button.

• IAM Role has been added successfully.

ASSIGNING THE KMS TO SESSION MANAGER

• Search for SSM in AWS Management Console.

• Select the Session Manager link.

• Then click on the Preferences Tab.

• Then select the Edit Button.

• Click on the Key Management Service (KMS) checkbox under the preferences section.

• Scroll down and select our newly created key in KMS. In addition, click on the Save button.

• Now our KMS key has been associated with the Session Manager.

RESET THE ROOT USER PASSWORD

• Search for SSM in AWS Management Console.

• Click on Managed Instances under Instances & Nodes topic and make sure that your instance is available in the list.

• Select the instance and click on the Reset password.

• It will prompt you to update the SSM client. Click on the update button.

• After a few seconds, It will prompt you the text box to provide the username. Type root and click on Submit.

• Now type the new password twice for the root account and click Done.

• Scroll down and click on the session manager link under Instances & Nodes section.

• Click on the Start session.

• Now select the instance and again click on the start session.

• A session window will open for your selected instance.

ENABLING THE ROOT USER ACCESS

• First, change to root user using su – root command.

• Go to /etc/ssh/ and open sshd_config through VI Editor.

• Permit the root login by removing the # tag.

• Also, please enable password authentication in addition to saving the changes.

• Save and exit the Editor.

• Restart the SSHD service using the below command.

systemctl restart sshd.service

VERIFICATION

• Access the Linux EC2 Instance using public IP through SSH.

• We are able to login to the EC2 Linux instance using root account without SSH key Pair.

REFERENCE

Keypair

Thanks for reading this blog. We hope it was useful for you to know about the steps to login to EC2 Linux Instance without SSH keypair.