Friday, 30 July 2010

On Changing the Authentication Key for an Amazon Web Service EC2 Instance

You'll be pleased to hear I got the panniers sorted.  Well, not totally sorted, but, you know, I can see now what I need to do.

Today I had a whole new problem.  I'm doing some work on a website which is hosted on Amazon Web Services, and I had to change the password so that someone who previously had access no longer has access.  Now, to begin with, until about 2 days ago, I thought Amazon sold books.  So when I typed all of the above into Google, and got back a list of pages which said things like 'what you need to do is configure the blah blah blah FXPTWH server and launch a new BlahBlahBlah and terminate the BlahdyBlah', I had as much of a clue as... well... as you would, frankly (I don't really mean that.  Love you. xo).

So, I spent some time looking at the 'EC2 Dashboard' and being a bit scared to click on things.  And then I asked in the forum, and people said things like 'what you need to do is configure the blah blah blah FXPTWH server and launch a new BlahBlahBlah and terminate the BlahdyBlah'.  But then someone helpful explained it a bit better, and now I know, so I thought I would put it on the internet, so that if anyone else comes along who knows as little as me (which is unlikely, but always possible), then they will be able to do it right away, and not spend hours feeling dumb.

And so I present the WhyNotSmile Guide to Changing the Authentication Key for an amazon Web Service EC2 Instance.

Please note that this guide is for Windows.  If you are on Linux, you probably know more than I do.

Please also note that all or any of this guide may be wrong, and WhyNotsmile accepts no liability for anything bad that happens.  You may wish to create a test instance to try this out.  If your site is important, then it would be wise to find a guide written by someone who knows what they're talking about, or you could end up locked out of your site forever.  I'm just saying this worked for me; this is what I remember doing, and I may have forgotten bits.

Things you need before you start:
  • A browser
  • An account with Amazon Web Services, with at least 1 running instance (do not ask me how to do this.  I do not know).
  • Something which lets you SSH into servers and stuff, such as FireFTP (you can also use PuTTY, but in this guide I will use FireFTP because that's what I have and I can't be bothered typing everything in twice).

Step 1: Log in to your dashboard (or 'Management Console').  Observe that Amazon use the same 'Sign in using our secure server' button on this as they do on the book-selling thing.  No reason why, I just noted it.

2. Down the left hand side, click 'Key Pairs'.  You will now see a list of one or more key pairs.  These are critical, because they give you security on your system.

3. Above the list, there is a box labelled 'Create Key Pair'.  Helpfully, this also has a picture of 2 keys.  Click this box.  Give your key pair a name.  This can be anything, as far as I can tell.  Also, it does not appear to be of any subsequent use.  Click 'create'.

4. After a few moments, you will see a pop-up thing saying that you are downloading a thing.  This is your new key, and is Very Important.  Save it somewhere where you can find it later, because we'll be coming back to it soon.

5. Now, go to FireFTP and log into your site from there.  Find the file '/root/.ssh/authentication_key', and copy it across to your local machine.

6. Now click on 'Edit' to edit the settings for this account.  Go to the second tab, which is called 'Connection', and go to 'Private Key'.  Click 'Convert', and a navigate thing pops up.  Navigate to where you saved the thing you downloaded earlier, and click 'Open'.  Now you get a popup PuTTY thing which has an insane amount of letters and numbers at the top.  Those are what you need.  Copy the contents of the top box to a blank text document.  Click 'Save private key', and save it somewhere sensible, as newkey.ppk (this should be saved in the same place as the original ppk file, if you know where it is.  If you don't, look at your account settings in FireFTP and it will tell you.  You can call it anything you like as long as it ends in .ppk, I think).  Do not overwrite the original key.

7. Open the file authentication_key, which you downloaded in step 5.  First, make a backup copy.  Now copy the contents of the PuTTY window with all the letters and numbers in it (you should have copied these to a blank text document at step 6, so they are now To Hand).  Now paste it into the authentication_key file, instead of what's there already.

8. Upload the authentication_key file to where you got it in the first place (/root/.ssh/).  You have now replaced the old key with the new one, and you can't log in with the old one any more.  Log out.

9. Now you can't log in because FireFTP is using the old key.  You have to tell it to use the new one.  Open the account manager again, and go to the 'Connection' tab that you were at before.  Click the 'Browse' button next to 'Private Key'.  Navigate to the file newkey.ppk, as discussed in step 6.  Select it, and click 'OK'.

10. Log in again.  This time FireFTP is using the new key, so it should be fine.

If it doesn't log you in, Something's Gone Wrong.  I have no idea what.  Good luck with that.

You do not need to delete the old key pair from the Management Console.  But I suppose you can if you want.  Just make sure it's not being used for anything else.

No comments: