The initial and new instance must have the same IP (swap an Elastic IP). The new instance must have that same IP on boot; otherwise the fingerprint will be for whatever IP the instance started with.
Assuming the key pair uname-ssh, pull the information from the initial instance:
scp -r -v -p -i ~/.ssh/uname-ssh.pem [email protected]:/etc/ssh/ /c/Users/uname/Desktop/foo/
scp -v -p -i ~/.ssh/uname-ssh.pem [email protected]:~/.ssh/authorized_keys /c/Users/uname/Desktop/foo/ssh/
ssh -i ~/.ssh/uname-ssh.pem [email protected] "sudo cat /etc/ssh/ssh_host_ecdsa_key" > /c/Users/uname/Desktop/foo/ssh/ssh_host_ecdsa_key &&
ssh -i ~/.ssh/uname-ssh.pem [email protected] "sudo cat /etc/ssh/ssh_host_ed25519_key" > /c/Users/uname/Desktop/foo/ssh/ssh_host_ed25519_key &&
ssh -i ~/.ssh/uname-ssh.pem [email protected] "sudo cat /etc/ssh/ssh_host_rsa_key" > /c/Users/uname/Desktop/foo/ssh/ssh_host_rsa_key &&
ssh -i ~/.ssh/uname-ssh.pem [email protected] "sudo cat /etc/ssh/sshd_config" > /c/Users/uname/Desktop/foo/ssh/sshd_config &&
ssh -i ~/.ssh/uname-ssh.pem [email protected] "sudo cat /etc/ssh/sshd_configr" > /c/Users/uname/Desktop/foo/ssh/sshd_configr
Put the files from /c/Users/uname/Desktop/foo/ssh/ into s3://ec2-etc-ssh
This solution assumes an S3 bucket (e.g. 'ec2-etc-ssh') exists, containing the /etc/ssh/* files from the initial instance.
To migrate to a new instance, execute the following on new instance launch (using the user data block):
#cloud-boothook
aws s3 cp s3://ec2-etc-ssh /etc/ssh --recursive
chmod 655 /etc/ssh
cd /etc/ssh
chmod 644 moduli ssh_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
chown :ssh_keys ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
chmod 640 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
chmod 600 sshd_config sshd_configr
cp authorized_keys ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
SSH to the new instance should then connect without a prompt.
The same user data in MIME format:
Content-Type: multipart/mixed; boundary="==BOUNDARY=="
MIME-Version: 1.0

--==BOUNDARY==
Content-Type: text/cloud-boothook; charset="us-ascii"

aws s3 cp s3://ec2-etc-ssh /etc/ssh --recursive
chmod 655 /etc/ssh
cd /etc/ssh
chmod 644 moduli ssh_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
chown :ssh_keys ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
chmod 640 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
chmod 600 sshd_config sshd_configr
cp authorized_keys ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
--==BOUNDARY==--
Note: to add other sections, simply add another '==BOUNDARY==' and put the content between the two '==BOUNDARY=='s.
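A check for the copied files, added here as an example and not part of the original procedure: it flags files that came back empty (the `ssh ... "sudo cat FILE" > local` redirect creates the local file even when the remote cat fails), modes that differ from the chmod lines above, and private host keys without their .pub half. The function names are illustrative, and the expected modes are taken from the boothook's chmod lines.

```shell
#!/usr/bin/env bash
# Added example: audit a restored /etc/ssh tree or the local staging copy.

# Mode the boothook's chmod lines assign to a file name; empty if not covered.
expected_mode() {
  case "$(basename "$1")" in
    ssh_host_*_key.pub|moduli|ssh_config) echo 644 ;;
    ssh_host_*_key)                       echo 640 ;;
    sshd_config|sshd_configr)             echo 600 ;;
  esac
}

# Octal mode of a file (GNU stat, with BSD stat as fallback).
file_mode() {
  stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
  local dir f want got rc
  dir=$1
  rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    # A failed remote "sudo cat" still leaves an empty local file behind.
    if [ ! -s "$f" ]; then
      echo "EMPTY $f"; rc=1; continue
    fi
    want=$(expected_mode "$f")
    got=$(file_mode "$f")
    if [ -n "$want" ] && [ "$got" != "$want" ]; then
      echo "MODE $f is $got, expected $want"; rc=1
    fi
  done
  # Each private host key needs its public half next to it.
  for f in "$dir"/ssh_host_*_key; do
    [ -f "$f" ] || continue
    [ -s "$f.pub" ] || { echo "NOPUB $f"; rc=1; }
  done
  return $rc
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
  audit_ssh_dir "$1"
fi
```

Run it on the staging directory before the upload to S3 (only the EMPTY and NOPUB findings are meaningful there) and on /etc/ssh of the new instance after the boothook has run.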