After recovering Linux PasswordAuthentication in the /etc/ssh/sshd.config changes from Yes to No

After recovering a Linux instance "PasswordAuthentication" in the /etc/ssh/sshd.config file changes from "Yes" to "No"

After recovering a Linux instance "PasswordAuthentication" in the /etc/ssh/sshd.config file changes from "Yes" to "No".

The issue is, that to provide secure access to launched instances, AWS alters a single directive in the /etc/ssh/sshd_config at launch.  AWS alters this file at launch, regardless of its state on disk or backup.  This prevents any user from using PAM password login.  Only ssh public key authentication (based on the ec2-user) key used to launch the instance) can take place.

Changed Directive (/etc/ssh/sshd_config)
#PasswordAuthentication yes
PasswordAuthentication no

To prevent this issue, you can check "Enable User Data" in the Advanced Options of Instance Recovery screen, and paste this into User Data:

#!/bin/bash
sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
systemctl restart sshd

    • Related Articles

    • Troubleshooting File Level Recovery (FLR) communication issue

      CPM Configuration File-level recovery requires N2WS to recover volumes in the background and attach them to a temporary EC2 ‘worker’ launched for the operation, The worker will be launched in the same account and region as the snapshots being ...

    • CPM instance hardening for vulnerability scans

      In order to perform the below operations, you need to connect to the instance with SSH (your assigned private key and username: "cpmuser"). 1) (Only in v2.3 and up) To enforce usage of TLS 1.2, please edit the file /etc/apache2/mods-enabled/ssl.conf. ...

    • Error on Instance recovery - Instance recovery failed: Failed checking snapshot availability

      Issue: Error - Instance recovery failed: Failed checking snapshot availability When running a recovery, first CPM downloads the data from the bucket, then it creates a temporary snapshot and then creates the instance. This error occurs when a timeout ...

    • Troubleshooting Linux scripts in CPM

      In order to troubleshoot scripts, you need to connect to the CPM instance over SSH (using user "cpmuser") and execute the scripts from command line. Please do not use "su" or "sudo", as CPM doesn't elevate permissions. If when you run the script you ...

    • Troubleshooting File Level Recovery (FLR) 3.2

      Background: File-level recovery requires N2WS to launch temporary worker instance in the target region. The worker will read the snapshot directly or recover volumes in the background and attach them to a ‘worker’ instance launched for the operation. ...