After recovering a Linux instance "PasswordAuthentication" in the /etc/ssh/sshd.config file changes from "Yes" to "No"
After recovering a Linux instance "PasswordAuthentication" in
the /etc/ssh/sshd.config file changes
from "Yes" to "No".
The issue is, that to provide secure access to launched instances, AWS
alters a single directive in the /etc/ssh/sshd_config at launch. AWS
alters this file at launch, regardless of its state on disk or backup.
This prevents any user from using PAM password login. Only ssh public
key authentication (based on the ec2-user) key used to launch the
instance) can take place.
Changed Directive (/etc/ssh/sshd_config)
#PasswordAuthentication yes
PasswordAuthentication no
To prevent this issue, you can check "Enable User Data" in the Advanced Options of Instance Recovery screen, and paste this into User Data:
#!/bin/bash
sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
systemctl restart sshd
Related Articles
Troubleshooting File Level Recovery (FLR) communication issue
CPM Configuration File-level recovery requires N2WS to recover volumes in the background and attach them to a temporary EC2 ‘worker’ launched for the operation, The worker will be launched in the same account and region as the snapshots being ...
CPM instance hardening for vulnerability scans
In order to perform the below operations, you need to connect to the instance with SSH (your assigned private key and username: "cpmuser"). 1) (Only in v2.3 and up) To enforce usage of TLS 1.2, please edit the file /etc/apache2/mods-enabled/ssl.conf. ...
Error on Instance recovery - Instance recovery failed: Failed checking snapshot availability
Issue: Error - Instance recovery failed: Failed checking snapshot availability When running a recovery, first CPM downloads the data from the bucket, then it creates a temporary snapshot and then creates the instance. This error occurs when a timeout ...
Troubleshooting Linux scripts in CPM
In order to troubleshoot scripts, you need to connect to the CPM instance over SSH (using user "cpmuser") and execute the scripts from command line. Please do not use "su" or "sudo", as CPM doesn't elevate permissions. If when you run the script you ...
Troubleshooting File Level Recovery (FLR) 3.2
Background: File-level recovery requires N2WS to launch temporary worker instance in the target region. The worker will read the snapshot directly or recover volumes in the background and attach them to a ‘worker’ instance launched for the operation. ...