Server root access

⚠️ DO NOT USE THIS GUIDE UNLESS YOU WERE TOLD TO USE IT BY LAUNCHPAL SUPPORT. To get normal SSH access to your project, use the SSH access details.

This guide will help Launchpal support resolve an issue with one of your projects that can not be resolved using the normal SSH login details for your project.

The steps depend on the host you are using. We add more hosts as and when required.

Digital Ocean

Resetting root access for a Digital Ocean droplet is as easy as selecting Reset root password in the DO Console for your droplet. This will email you a new password. You can then use that password with SSH to login.

Once logged in you will need to choose your own permanent password and confirm it.

Amazon Web Services

⚠️ WARNING: Following the steps in this guide will change the IP of your instance and will cause an interruption to your traffic. So only follow these steps on old projects as instructed by support.

The projects created on AWS right now dont have a SSH access key set, and there is no way to reset the root password like you can with Digital Ocean.

The process to get SSH access to the main server therefore requires a few more steps then usual.

Make sure you are logged into your AWS Management Console, and you are viewing the EC2 service.


Here is a summary of the process you will following:

  • Detach volume from the project instance

  • Attach it to a temporary instance

  • Use SSH to update the authorized_keys file on the attached Volume

  • Re-attach as Root volume to the project instance

1) Set AWS Console to correct location

If your not seeing the instance for your project, double check your in the right region in AWS. You can see the region of your AWS project in the Launchpal interface below the project title (yellow underlined). The the example below the region is EU (Ireland).

If your not in the correct region, in the AWS Console, select the location dropdown in the top right, and select the right location from it.

2) Find your instance

You need to select the instance related to your project. The easiest way to do this is to search for the IP address shown in Launchpal (green underlined in the example above)

To make it easier to find in future, you may want to assign a name to it. Just hover over the name column, click the pencil icon and type a useful name, eg launchpal server to fix

3) Note root device path

Select the instance shown (it should only list one if you searched for the correct IP shown in Launchpal), and then in the panel at the bottom select "Description" tab and scroll down till you see the Root device in the right hand column like shown below and make a note of the Root device listed, e.g.: /dev/xvda as you will ned this later

4) Stop the instance

With the correct instance still selected, click the Actions button at the top and select Instance State > Stop

This will stop your instance. Wait for it shows Instance stopped

⚠️Stopping an instance on AWS will change it IP address and break the connection with Launchpal. If you want to continue using this instance after support have fixed it, please request this so they can assign the started instance to the correct project later on.

5) Detach the Volume

In the above shown details pain for the instance (select the instance if its not shown), click the link next to Root device which will pop up a small black modal window with further information like this, and make a note of the EBS ID

Next click the link for the EBS-ID. This will show you the details of the Volume attached to the instance.

Make sure the Volume is selected, and using the actions button at the top - click Detach Volume

Wait for this to complete. Whilst its doing this it may be useful to name the volume for easy reference.

6) Create a new temporary instance

In the AWS console in the same region, create a new instance quickly by selecting the Instances section in the AWS sidebar, and clicking the Launch Instance button.

Use the following choices/sections in the Create instance wizard:

  • Step 1 - choose "Amazon Linux AMI" - most likely the top one listed - by clicking Select next to it

  • Step 2 - choose t2.nano or micro, and click Review and Launch

  • Step 7 - Under Review, find the Security Groups section it should show a SSH rule. If not click Edit security groups

  • Step 6 - Make sure it now shows the SSH rule and click Review and Launch again

  • Step 7 - Click Launch

  • If you already have a preferred AWS key pair setup, select choose existing and pick that key pair. If you dont have one, or want to setup a temporary one - select Create new keypair, give it a name, and click "Download Key Pair"

  • Click Launch Instances

  • And wait for it to complete creation of the instance - there is an easy link on the page your viewing to go to the instance status. Just click it.

  • Hover over the instance Name column, click the pencil, and type a useful name like temp instance so its easy to recognise

7) Attach volume to new (temp) instance

Select the Volumes screen in the sidebar and select the volume you detached in Step 5. If you have lots of Volumes showing then search for the first few characters of the EBS-ID after vol-

For example, 04f

Select the volume, and click Actions > Attach Volume. Then select the Instance field which should show a drop down of instances. Choose the new instance you created in the previous step 6 - temp instance

The Device field will be preset on this occasion and you dont need to change it. Then click Attach

8) Set the new authorised public key on the new volume

This is the most complicated step that requires some commands on the terminal using SSH.

First, you need to connect with SSH to the new instance using the key you assigned in step 6, or created and downloaded. Ill assume here it was downloaded.

Get the IP for the temp instance:

If you are using the key file downloaded from AWS when creating the instance you need to make sure the key file is not read/write by group and others with the following command:

chmod go-rw /path/to/key

Then in your terminal connect to the instance, for example like this:

ssh -i /path/to/key ec2-user@IP-ADDRESS

As this is the first time your connecting via SSH - you will get a message asking for confirmation something like this. Just type yes:

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:ucQEa947XfpoDksse2/Vteqf9X9xd689TUbwpKV0YAM.
Are you sure you want to continue connecting (yes/no)?

If your connected it should show something like this:

Now that your logged in, you need to mount the volume you attached from the other instance and add the public keys to the authorised keys file.

Here is the sequence of commands - please amend as required. No need to enter commands with # as they are comments to help you

# create a new folder for the mounted volume

sudo mkdir /media/tempvol

# list the drives to get the disc/dev ID


# this command will output something like this

# xvda    202:0    0   8G  0 disk 
# └─xvda1 202:1    0   8G  0 part /
# xvdf    202:80   0  20G  0 disk 
# └─xvdf1 202:81   0  20G  0 part 

# note the line "part" with no mountpoint "xvdf1" in this case

sudo mount /dev/xvdf1 /media/tempvol/

# navigate to the correct folder

cd /media/tempvol/home/ec2-user/.ssh

# edit the authorised keys file, paste the public key(s), and save with Ctrl-X -> Yes

sudo nano -w authorized_keys

# make sure the userid & groupid are the same

grep ec2-user /etc/passwd && grep ec2-user /mount/tempvol/etc/passwd
grep ec2-user /etc/group && grep ec2-user /mount/tempvol/etc/group

# check to make sure authorised keys file has the correct userID

ls -all /mount/tempvol/home/ec2-user/.ssl

# leave the ssh session


9) Stop the instance & re-attach volume

Your almost done.

Now that the correct public key is saved on the volume, you can stop the instance and detach the volume.

On the instances page, select your temp instance from step 6 and select Instance State > Stop from the Actions button.

Once its stopped - go to the Volume section in the AWS Management Console, and select the volume from the broken Launchpal project that you attached under step 7.

Under Actions - Click Detach volume and wait for it to finish detaching.

Now click Actions again, and select Attach Volume

Choose the original Launchpal project instance from Step 2 and this time - change the Device value to the value you captured under Step 3, in my case this was /dev/xvda

Now start the Launchpal project instance from Step 2

  • Click Instances in the sidebar

  • Select the Launchpal instance from step 2

  • Click Actions > Instance State > Start

  • Wait for it to finish starting

10) Check you can now login to the server

Once the instance has started you can check the login fix worked. Just use SSH to the IP of the instance with the key you set. If the public key used in the earlier step was given to you by support, ask them to test it has all worked.

If SSH login with the key is not working then one of the things to check is to make sure that the group & user ID for the ec2-user user is the same on both instances.

If its not working - please contact support to explain any errors your seeing.

You may also want to take this opportunity to download and files using SFTP from your server that you need in future when you recreate the project. User files are normally stored in /var/www/user/.

11) Tidy up

Finally you just need to do some tidying up:

  • Destroy the temp instance you created in step 6 (Actions > Instace State > Terminate)

  • Remove any temporary key pairs you created when creating the temp instance

  • Contact support and provide them with the new IP for your Launchpal project instance so that they can do their diagnosis

  • When Support has finished - terminate the project instance in AWS and support will then remove it from your account

Last updated