After recovering a Linux instance, PasswordAuthentication in /etc/ssh/sshd_config changes from Yes to No

After recovering a Linux instance, "PasswordAuthentication" in the /etc/ssh/sshd_config file changes from "Yes" to "No".

The cause is that, to provide secure access to launched instances, AWS alters a single directive in /etc/ssh/sshd_config at launch. AWS alters this file at launch regardless of its state on disk or in the backup. This prevents any user from using PAM password login; only SSH public key authentication (based on the ec2-user key used to launch the instance) can take place.

Changed Directive (/etc/ssh/sshd_config)
#PasswordAuthentication yes
PasswordAuthentication no

To prevent this issue, check "Enable User Data" in the Advanced Options of the Instance Recovery screen, and paste this into User Data:

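#!/bin/bash
# Flip the directive back to "yes" (matches only an active line reading exactly "PasswordAuthentication no")
sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
# Restart sshd so the change takes effect
systemctl restart sshd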
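
A more defensive variant of the User Data above, added here as an example and not part of the original article: it also handles a missing or duplicated directive, leaves commented lines and Match blocks alone, and validates the file with `sshd -t` before restarting. The function names, the backup file name and the /var/lib/cloud/instance guard are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the vendor's script. Function names are this example's own.

# Print the global value of KEYWORD in FILE. sshd uses the first occurrence of
# a keyword; Match blocks and Include files are not evaluated here.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Set KEYWORD to VALUE in the global section of FILE: rewrite the first active
# line, drop later global duplicates, or insert before the first Match block
# (or at end of file) when no active line exists. Commented lines are kept.
set_directive() {     # usage: set_directive FILE KEYWORD VALUE
    local file="$1" tmp rc
    tmp="$(mktemp)" || return 1
    awk -v key="$2" -v value="$3" '
        tolower($1) == "match" { if (!done) print key " " value; done = 1; in_match = 1 }
        !in_match && tolower($1) == tolower(key) {
            if (!done) print key " " value
            done = 1; next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

main() {
    local conf=/etc/ssh/sshd_config
    cp -p "$conf" "$conf.pre-recovery-fix" || return 1
    set_directive "$conf" PasswordAuthentication yes || return 1
    # Validate before restarting; restore the copy if sshd rejects the file.
    if ! sshd -t -f "$conf"; then
        cat "$conf.pre-recovery-fix" > "$conf"
        return 1
    fi
    systemctl restart sshd
}

# Act only as root on an instance initialised by cloud-init (assumed guard).
if [ "$(id -u)" -eq 0 ] && [ -d /var/lib/cloud/instance ]; then
    main
fi
```

After the recovered instance boots, `effective_value /etc/ssh/sshd_config PasswordAuthentication` shows which value the main file yields.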