A Record of a Server Key Failure

Source: Internet
Author: User

I arrived at the office this morning, got this news, and my heart sank.

"Teacher Tim, the remote login key for the test server has stopped working." I asked him whether anything had been changed, and the definite reply was "I just uploaded some code." I asked again, and he insisted, with certainty, that he had only uploaded some code.
This is a big problem:
1. As far as this machine is concerned, supposedly nothing was done except "just uploading some code", yet a key that had been in use for two years stopped working, and we urgently need this machine as a test server. The test server has been in setup for a week, with the code reportedly not ready the whole time, and now this pops up. What a mess.
2. Counting the production servers and the test servers, there are 11 in total. If all the servers failed like this at some point, I would be finished.

First, try to log in. This is what shows up:

ssh -p 50000 -i PWAWSCN.PEM ubuntu@54.223.xx.xxx
ubuntu@54.223.xx.xxx's password:

Key-based login was configured long ago and had been in use for more than a year, so this password prompt should never appear. The first suspicion was that sshd_config had been changed. I checked it and found no problem: the SSH configuration allows login with either a key or a password. I was a little puzzled that password login was still enabled (it had been a long time since I touched it, and my memory was blurry). I vaguely remembered that password login was enabled at the initial setup, so I went through my earlier notes, found a user name and password there, and to my surprise was able to log in. What a relief.

I tried to find all the files modified within the last two days, but perhaps because there were too many files, or because of permissions, I found nothing useful.

After I submitted a ticket to AWS technical support at noon (our services run on AWS), I asked my colleague again, and he told me that he had installed git, and that git may have regenerated the key and overwritten the previous one. He told me that git was kept together with the code and did not affect the system, so there should be no problem. I nearly fainted.

The problem must be with the public key. The question is whether it can be restored to the previous public/private key pair. Otherwise this machine will be hard to manage alongside the others, and some scripts will have to be changed.

This afternoon, with the help of AWS technical support, I compared this machine with other servers that still connect normally, and did find the problem.
Under /home/ubuntu/.ssh, a normal machine has the following files (two files):

authorized_keys known_hosts

The faulty machine has the following files (three files):

id_rsa id_rsa.pub known_hosts

Judging by the timestamps, id_rsa and id_rsa.pub were newly generated last night by my colleague for git.

The solution offered by the AWS support engineer is also simple: just copy authorized_keys over from a normal machine. Create a new backup folder and move everything else (including the git keys) into it, leaving only two files (authorized_keys and known_hosts). There is no need to restart the service. You can then connect directly with the previous command:

ssh -p 50000 -i PWAWSCN.PEM ubuntu@54.223.xx.xxx
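
The comparison and fix described above, written as a shell script; this is an added example, not from the original post or from AWS support. The function names, the baseline file (a copy of authorized_keys taken from a healthy server) and the sample key material are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit and repair ~/.ssh against a known-good authorized_keys.

# audit_ssh_dir DIR BASELINE -> prints findings, returns 1 if there are any.
audit_ssh_dir() {
    local dir="$1" baseline="$2" rc=0 f
    if [ ! -f "$dir/authorized_keys" ]; then
        echo "MISSING authorized_keys"; rc=1
    elif ! cmp -s "$dir/authorized_keys" "$baseline"; then
        echo "DRIFT authorized_keys differs from baseline"; rc=1
    fi
    # Flag private keys: a freshly generated id_rsa is what turned up on the broken host.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "UNEXPECTED private key: ${f##*/}"; rc=1
        fi
    done
    return "$rc"
}

# restore_authorized_keys DIR BASELINE -> moves everything except known_hosts
# into a backup folder, then installs the baseline with strict permissions.
restore_authorized_keys() {
    local dir="$1" baseline="$2" f backup
    backup="$dir/backup.$(date +%Y%m%d%H%M%S)"
    mkdir -m 700 "$backup"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "${f##*/}" = known_hosts ] && continue
        mv "$f" "$backup/"
    done
    cp "$baseline" "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys" && chmod 700 "$dir"
}

# Constructed demo: rebuild the broken layout from the post in a temp dir.
demo() {
    local t; t=$(mktemp -d); mkdir "$t/ssh"
    echo "ssh-rsa AAAA-constructed-sample ops@example" > "$t/good_authorized_keys"
    echo "-----BEGIN OPENSSH PRIVATE KEY-----" > "$t/ssh/id_rsa"
    echo "ssh-rsa AAAA-constructed-git-key dev@example" > "$t/ssh/id_rsa.pub"
    : > "$t/ssh/known_hosts"
    audit_ssh_dir "$t/ssh" "$t/good_authorized_keys" || true
    restore_authorized_keys "$t/ssh" "$t/good_authorized_keys"
    audit_ssh_dir "$t/ssh" "$t/good_authorized_keys" && echo "CLEAN after restore"
    rm -rf "$t"
}
demo
```

The moved files stay in the backup folder, so a git key that is still needed can be copied back once key login is confirmed to work.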

I looked up a few articles on the web about generating key pairs. Generally, ssh-keygen is used to generate id_rsa (the private key) and id_rsa.pub (the public key). You keep the private key yourself, and the public key is renamed to the file name the system recognizes, authorized_keys, and placed under .ssh.

Since this public key can be copied from other machines, it can be seen that generating the key pair has nothing to do with a specific machine, and the generation process does not use any machine-specific information. Also, this key pair is associated with a specific user.

Also, consider introducing a mature ops tool; take a quick look at Ansible.
