Note: This is mainly useful for instances you are essentially locked out of in the case where you don't want to create a new instance.
- Launch a micro instance with your new key (we'll call this the "key transitioning instance"). This instance will need to be in the same availability zone ("us-east-1b", for example) as the instances you are locked out of.
- Make sure you can ssh in
- Select the instance you are locked out of and make note of the attached EBS volume ID which will look something like
vol-6a844e25and the Root Device which will look something like/dev/sda1. - Stop the EC2 instance you are locked out of
- Go to that instance's Root Device EBS volume and detach it
- Re-attach the EBS volume to the key transitioning instance
- On the key transitioning instance, run
sudo fdisk -l - Note the "Device" column output from this command that is similar to the "Attachment information" which is displayed when you select the EBS volume (we'll use
/dev/xvdf1as an example). That will be your device name. - Make a mount point
sudo mkdir /mnt/tmp - Mount the device
sudo mount /dev/xvdf1 /mnt/tmp - Copy your new SSH key to the mounted dir:
sudo cp ~/.ssh/authorized_keys /mnt/tmp/home/ubuntu/.ssh/authorized_keys. IMPORTANT: this will overwrite the existing authorized keys. You may want to append the key if that suits your use case. - Unmount the volume
sudo umount -d /dev/xvdf1 - Detach the volume from the key transitioning instance in the AWS interface
- Re-attach it to the original instance and be sure you specify the Device that the original instance expects as the root you noted in step #3
- Start the old instance and you should be able to ssh in with the new key