Question
I was copying some files from my home directory on my ec2 instance, and in a fit of laziness, I ran the command sudo chmod 777 /home/ec2-user/*. I guess this made my .ssh folder and possibly the authorized_keys have 777 privileges as well. Well it turns out that if authorized_keys is set to 777, you cannot SSH into the box with those keys (since another user could have updated it).
My question is, how can I fix this and log into my box again? This is an ec2 instance, so I have to ssh in.
Answer 1:
To change permissions you'll need to access the files that are inside the Instance.
Since you can't ssh in the Instance you'll need to do the following things:
- Schedule a downtime for your application, because you'll need to stop the instance.
- Back up everything inside the Instance Store (ephemeral volumes).
- Stop the instance.
- Detach the Volume from the EC2 instance in question.
- Attach the Volume to another working EC2 instance.
- Make the chmod changes to your .ssh directory and its files.
- Detach the volume.
- Attach to the EC2 instance in question.
- Start the EC2 Instance.
- Try Connecting to the EC2 instance.
Please note that if you don't have Elastic IP configured for the Instance, the IP address will change.
For more information about attaching volume to EC2 instance refer to this AWS Documentation.
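The chmod step from the list above, as an added example that is not part of the original answer: it audits and repairs the modes that sshd's StrictModes check rejects (group- or world-writable home, .ssh, or authorized_keys). The mount point /mnt/rescue, the function names, and the ec2-user account name in the usage line are assumptions; the volume must already be mounted on the working instance.

```shell
#!/bin/sh
# Added example. Usage on the rescue instance (mount point is an assumption):
#   sudo sh fix_ssh_perms.sh /mnt/rescue ec2-user

# Print every SSH-related path that is group- or world-writable.
# These are the paths sshd checks when StrictModes is enabled (the default).
audit_ssh_perms() {
    home="$1/home/$2"
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            continue
        fi
        # -prune limits find to the path itself; -perm -020 / -002 test the
        # group-write and other-write bits.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group/other: $p"
        fi
    done
    return 0
}

# Restore the conventional modes: home not writable by group/other,
# .ssh 700, authorized_keys 600. Ownership is left untouched.
fix_ssh_perms() {
    home="$1/home/$2"
    if [ ! -d "$home/.ssh" ]; then
        echo "no .ssh directory under $home" >&2
        return 1
    fi
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    if [ -f "$home/.ssh/authorized_keys" ]; then
        chmod 600 "$home/.ssh/authorized_keys"
    fi
    return 0
}

# Run only when called with <mountpoint> <user>; otherwise just define the functions.
if [ "$#" -eq 2 ]; then
    echo "Before:"; audit_ssh_perms "$1" "$2"
    fix_ssh_perms "$1" "$2" || exit 1
    echo "After (no lines means clean):"; audit_ssh_perms "$1" "$2"
fi
```

Because the files are touched from another instance, compare their numeric owner (ls -ln) with the uid of the account on the original instance before detaching the volume.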
Answer 2:
To keep the downtime minimal, take an image of the instance (in no-reboot mode) and create a new machine with this image and the key that you had previously specified. AWS, while creating the new box, puts the keys with proper permissions.
Note that private and public IPs will change; use an Elastic IP if you don't want the IP to change.
Source: https://stackoverflow.com/questions/38236985/server-refused-our-key-set-authorized-keys-perrmissions-to-777