Record one server key failure experience, one server key failure

Record one server key failure experience, one server key failure

When I came to the company in the morning, my heart crashed.

"Instructor tim, the remote logon key of the test server is invalid." I asked him if he had made any changes. The exact response was "I uploaded some code ", I asked again and insisted that I only uploaded some code.
This is a big problem,
1. As far as this machine is concerned, it has not done anything. "Just uploaded the code" will render the key unavailable for two years. This machine is in a hurry to build a test server. This test server has been set up for more than a week. It has always been said that the code is not ready, and now it is coming out again.
2. There are a total of 11 formal servers and test servers. If all the servers have this problem at some point, I can't do it anymore.

Connect to the system to see the following information,

'' ssh -p 50000 -i pwawscn.pem ubuntu@54.223.xx.xxx'' ubuntu@54.223.xx.xxx's password:

 

Previously, it took more than a year to log on with a key. It was impossible to jump out of the password prompt. First, we suspect that sshd-config has been changed. Check, no problem, ssh configuration is to use both the key and password can log on. A little puzzled, I still log on with a password (for a long time, I haven't touched it for a long time, and my memory is also blurred). I vaguely remember that I used to log on with a password at the beginning, I checked the previous password-filling document and found a user name and password. I logged on to the document.

I tried to find all the files modified within two days, but it may be because there are too many files, or because of permissions, no useful information was found.

After submitting the technical support to aws at noon (our service is on aws), I asked my colleague again before he told me that he had installed git, it may be because git re-generates the key and overwrites the previous key. Tell me to install git and code together without affecting the system. There should be no problem, right? I'm dizzy.

It must be on this public key. The problem is, can we still restore it to the previous public/key pair? Otherwise, it would be inconvenient for other machines to be managed in a unified manner, and some scripts had to be modified again.

In the afternoon, with the help of aws technical support, we compared it with other services with normal connection. The problem is indeed found.
In home/ubuntu/. ssh, the following files are displayed on a normal machine: (two files)

authorized_keys known_hosts

On the faulty machine, I wrote the following files: (three files)

id_rsa id_rsa.pub know_hosts

View time,Id_rsaAndId_rsa.pubMy colleague generated a new version for git last night.

The solution provided by aws is simple. You can copy authorized_keys directly from a normal machine. A new backup folder is created to move unwanted items (including git keys) into the folder, leaving only two files (Authorized_keys and known_hosts. You can use the previous command to directly access it.

ssh -p 50000 -i pwawscn.pem ubuntu@54.223.xx.xxx

I found some articles on the Internet that generate the public key and private key. Generally usedSsh-keygenGenerateId_rsa (private key)AndId_rsa.pub (Public Key)The private key must be saved by yourself, and the public key must be changed to the file name recognized by the system.Authorized_keysPut it under. ssh.

Since this public key can be copied from other machines, it can be seen that the generation of the public key and the key has nothing to do with the specific machine, and the generation process does not use information related to the specific machine. Also, the key pair is associated with a specific user.

 

In addition, we need to introduce a mature O & M tool to quickly browse ansible.