
How to change key file (ppk) of an existing AWS EC2 Linux Server when key is lost

Login to AWS console and navigate to EC2 console

We can see below that we have two Linux servers: one server for which we lost the key file and one server with a new key file

In this example we have two servers

1. A server with a lost key file, key file name: latest


2. A server with a new key file, key file name: newkeypair

Our goal is to replace the “latest” key file with “newkeypair”. Now let’s see how we can change the key file of the server
whose key file no longer exists.

Stop the server for which we lost the key file.

Once the server is stopped, identify its root volume and detach it from the server

Select the Server and click on the root device, and click on the volume ID.
From the Actions, click on Detach Volume (Make sure we are detaching the correct volume)

Once volume is detached, verify its status. It should be in available state.

Now let’s attach this volume to another server which has a new key file.

From the Actions, choose Attach and choose the new server, which is running.
Once we have selected the new server, keep the default (/dev/sdf) in the Device section. This device is supposed to be attached
to the server as a secondary mount point.

Click on Attach

Once attached, make sure its status is changed to In-Use

Now we have attached the root volume of stopped server to the new server that has new key file setup.

We need to mount the attached volume on the new Linux server

Let’s log in to the new server as ec2-user and see what key file it is using (by default the key files being used are located
in /home/user/.ssh)

In this example the user is ec2-user, so the path is /home/ec2-user/.ssh (.ssh is a hidden directory)

On the .ssh directory we can see a file “authorized_keys”

Let’s see what content it has

We can see the content, and it’s using “newkeypair”


Let’s mount the volume we attached to this server.

First check what device name it got, using the below command

lsblk

We can see it’s xvdf1 (it’s the volume we detached from the old server and attached to this server)

Create a new directory

mkdir oldvolume

Once the directory is created, issue the below command to mount the old volume (mounting requires root privileges)

mount /dev/xvdf1 oldvolume/

Once it’s mounted, let’s check what key file it has in oldvolume/home/ec2-user/.ssh/

We can see it’s using the “latest” key file


So, let’s replace this key with the new key “newkeypair”

Issue the below command to replace the “authorized_keys” file

cp /home/ec2-user/.ssh/authorized_keys /home/ec2-user/oldvolume/home/ec2-user/.ssh/

It will ask whether to replace the file; type y and press Enter

Now, let’s check if we have the new key file on the old volume

cd /home/ec2-user/oldvolume/home/ec2-user/.ssh/

ls

cat authorized_keys

We are all set replacing old key with new key.
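
The copy-and-verify steps above as one shell function, added here as an example and not part of the original guide. It assumes the mount point and user used on this page; the function name and the .bak backup are choices of this example, and on the rescue server it needs to be run as root.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Usage: replace_authorized_keys NEW_KEYS MOUNT_POINT [USER]
#   e.g. replace_authorized_keys /home/ec2-user/.ssh/authorized_keys \
#                                /home/ec2-user/oldvolume
replace_authorized_keys() {
    new_keys=$1
    mount_point=$2
    user=${3:-ec2-user}
    ssh_dir="$mount_point/home/$user/.ssh"
    target="$ssh_dir/authorized_keys"

    # Stop early if the source is missing/empty or the volume is not mounted
    # where we expect it, so nothing is written to the wrong place.
    [ -s "$new_keys" ] || {
        echo "source key file missing or empty: $new_keys" >&2; return 1; }
    [ -d "$ssh_dir" ] || {
        echo "no .ssh directory at $ssh_dir (is the volume mounted?)" >&2
        return 1; }

    # Keep the old file so the change can be reverted.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || return 1
    fi

    # Overwrite the file's content in place; an existing file keeps its owner.
    cat "$new_keys" > "$target" || return 1

    # sshd's StrictModes check rejects keys when the directory or file is
    # writable by group or others, so set the conventional modes explicitly.
    chmod 700 "$ssh_dir" && chmod 600 "$target" || return 1

    # Succeed only if the file on the old volume now matches the new keys.
    cmp -s "$new_keys" "$target"
}
```

Once the old server is reachable again with the new key, the authorized_keys.bak file can be deleted.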

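Unmount the old volume from the new server. Leave the mounted directory first (for example with cd), because umount fails with a "target is busy" error while the shell's working directory is inside the mount.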

umount /dev/xvdf1

Let’s detach this old volume and attach it back to the old server.
Once the volume state is available, attach it back to the old server, which is in the stopped state

Choose the stopped server

In the Device section, type “/dev/xvda”; it should be attached as the root device.

Click on Attach

Once the volume state is in-use, let’s start the old server.
Once the 2/2 status checks have passed, log in to the server with the new key file “newkeypair”
