Comment on page
Server root access
The steps depend on the host you are using. We add more hosts as and when required.
Resetting root access for a Digital Ocean droplet is as easy as selecting
Reset root passwordin the DO Console for your droplet. This will email you a new password. You can then use that password with SSH to login.
Once logged in you will need to choose your own permanent password and confirm it.
⚠️ WARNING: Following the steps in this guide will change the IP of your instance and will cause an interruption to your traffic. So only follow these steps on old projects as instructed by support.
The projects created on AWS right now dont have a SSH access key set, and there is no way to reset the root password like you can with Digital Ocean.
The process to get SSH access to the main server therefore requires a few more steps then usual.
Make sure you are logged into your AWS Management Console, and you are viewing the EC2 service.
Here is a summary of the process you will following:
- Detach volume from the project instance
- Attach it to a temporary instance
- Use SSH to update the authorized_keys file on the attached Volume
- Re-attach as Root volume to the project instance
If your not seeing the instance for your project, double check your in the right region in AWS. You can see the region of your AWS project in the Launchpal interface below the project title (yellow underlined). The the example below the region is EU (Ireland).
If your not in the correct region, in the AWS Console, select the location dropdown in the top right, and select the right location from it.
You need to select the instance related to your project. The easiest way to do this is to search for the IP address shown in Launchpal (green underlined in the example above)
To make it easier to find in future, you may want to assign a name to it. Just hover over the name column, click the pencil icon and type a useful name, eg
launchpal server to fix
Select the instance shown (it should only list one if you searched for the correct IP shown in Launchpal), and then in the panel at the bottom select "Description" tab and scroll down till you see the Root device in the right hand column like shown below and make a note of the Root device listed, e.g.:
/dev/xvdaas you will ned this later
With the correct instance still selected, click the
Actionsbutton at the top and select
This will stop your instance. Wait for it shows
⚠️Stopping an instance on AWS will change it IP address and break the connection with Launchpal. If you want to continue using this instance after support have fixed it, please request this so they can assign the started instance to the correct project later on.
In the above shown details pain for the instance (select the instance if its not shown), click the link next to
Root devicewhich will pop up a small black modal window with further information like this, and make a note of the EBS ID
Next click the link for the EBS-ID. This will show you the details of the Volume attached to the instance.
Make sure the Volume is selected, and using the actions button at the top - click
Wait for this to complete. Whilst its doing this it may be useful to name the volume for easy reference.
In the AWS console in the same region, create a new instance quickly by selecting the
Instancessection in the AWS sidebar, and clicking the
Use the following choices/sections in the Create instance wizard:
- Step 1 - choose "Amazon Linux AMI" - most likely the top one listed - by clicking
Selectnext to it
- Step 2 - choose t2.nano or micro, and click
Review and Launch
- Step 7 - Under Review, find the
Security Groupssection it should show a SSH rule. If not click
Edit security groups
- Step 6 - Make sure it now shows the SSH rule and click
Review and Launchagain
- Step 7 - Click
- If you already have a preferred AWS key pair setup, select
choose existingand pick that key pair. If you dont have one, or want to setup a temporary one - select
Create new keypair, give it a name, and click "Download Key Pair"
- And wait for it to complete creation of the instance - there is an easy link on the page your viewing to go to the instance status. Just click it.
- Hover over the instance Name column, click the pencil, and type a useful name like
temp instanceso its easy to recognise
Volumesscreen in the sidebar and select the volume you detached in Step 5. If you have lots of Volumes showing then search for the first few characters of the EBS-ID after
Select the volume, and click
Actions > Attach Volume. Then select the
Instancefield which should show a drop down of instances. Choose the new instance you created in the previous step 6 -
Devicefield will be preset on this occasion and you dont need to change it. Then click
This is the most complicated step that requires some commands on the terminal using SSH.
First, you need to connect with SSH to the new instance using the key you assigned in step 6, or created and downloaded. Ill assume here it was downloaded.
Get the IP for the temp instance:
If you are using the key file downloaded from AWS when creating the instance you need to make sure the key file is not read/write by group and others with the following command:
chmod go-rw /path/to/key
Then in your terminal connect to the instance, for example like this:
ssh -i /path/to/key ec2-user@IP-ADDRESS
As this is the first time your connecting via SSH - you will get a message asking for confirmation something like this. Just type yes:
The authenticity of host '22.214.171.124 (126.96.36.199)' can't be established.
ECDSA key fingerprint is SHA256:ucQEa947XfpoDksse2/Vteqf9X9xd689TUbwpKV0YAM.
Are you sure you want to continue connecting (yes/no)?
If your connected it should show something like this:
Now that your logged in, you need to mount the volume you attached from the other instance and add the public keys to the authorised keys file.
Here is the sequence of commands - please amend as required. No need to enter commands with
#as they are comments to help you
# create a new folder for the mounted volume
sudo mkdir /media/tempvol
# list the drives to get the disc/dev ID
# this command will output something like this
# NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
# xvda 202:0 0 8G 0 disk
# └─xvda1 202:1 0 8G 0 part /
# xvdf 202:80 0 20G 0 disk
# └─xvdf1 202:81 0 20G 0 part
# note the line "part" with no mountpoint "xvdf1" in this case
sudo mount /dev/xvdf1 /media/tempvol/
# navigate to the correct folder
# edit the authorised keys file, paste the public key(s), and save with Ctrl-X -> Yes
sudo nano -w authorized_keys
# make sure the userid & groupid are the same
grep ec2-user /etc/passwd && grep ec2-user /mount/tempvol/etc/passwd
grep ec2-user /etc/group && grep ec2-user /mount/tempvol/etc/group
# check to make sure authorised keys file has the correct userID
ls -all /mount/tempvol/home/ec2-user/.ssl
# leave the ssh session
Your almost done.
Now that the correct public key is saved on the volume, you can stop the instance and detach the volume.
On the instances page, select your
temp instancefrom step 6 and select
Instance State > Stopfrom the
Once its stopped - go to the Volume section in the AWS Management Console, and select the volume from the broken Launchpal project that you attached under step 7.
Under Actions - Click
Detach volumeand wait for it to finish detaching.
Actionsagain, and select
Choose the original Launchpal project instance from Step 2 and this time - change the
Devicevalue to the value you captured under Step 3, in my case this was
Now start the Launchpal project instance from Step 2
Instancesin the sidebar
- Select the Launchpal instance from step 2
- Wait for it to finish starting
Once the instance has started you can check the login fix worked. Just use SSH to the IP of the instance with the key you set. If the public key used in the earlier step was given to you by support, ask them to test it has all worked.
If SSH login with the key is not working then one of the things to check is to make sure that the group & user ID for the
ec2-useruser is the same on both instances.
If its not working - please contact support to explain any errors your seeing.
Finally you just need to do some tidying up:
- Destroy the temp instance you created in step 6 (Actions > Instace State > Terminate)
- Remove any temporary key pairs you created when creating the temp instance
- Contact support and provide them with the new IP for your Launchpal project instance so that they can do their diagnosis
- When Support has finished - terminate the project instance in AWS and support will then remove it from your account