Fix Home Directory Permissions for SSH Logins on AWS Instance
What happens when you accidentally change the permissions on the ec2-user’s home directory in an AWS instance, say by making it group- or world-writable? You get locked out: no more SSH access! With StrictModes enabled (the sshd default), sshd refuses public-key authentication when the user’s home directory, ~/.ssh or ~/.ssh/authorized_keys is writable by group or others, or is not owned by that user (or root). Since password logins are disabled on the stock AMI, the key was your only way in.
Before you panic (like I did at first), there is a solution.
- Stop the instance that is affected (stop, not terminate: terminating an instance whose root volume has DeleteOnTermination set deletes the volume along with it)
- Make a note of the root (/) volume’s ID and its device name, then detach it from the instance (this only works for an EBS-backed root volume; an instance-store root cannot be detached). The root device is most likely attached as /dev/sda1, and you will need that exact name later.
- Attach the volume to another instance (if you don’t have another one, just launch one) as a secondary disk and give it a device name, or accept the one chosen for you. In this case, we’ll assume /dev/sdd (you can add a 1 to the end of it if you’re picky, but I just stuck with the default). Whatever you choose here determines the device name in the next step.
- Mount the volume you just attached. As root on the other instance, type:
- “mkdir /aws-root” (to create the mount point)
- “mount /dev/xvdd /aws-root” (Linux renames the device by changing the ‘sd’ to ‘xvd’, because the Xen paravirtual block driver presents EBS volumes under that name. NOTE: the device name has to match the one you gave it when you attached it, taking the rename into account. In other words, /dev/sdd becomes /dev/xvdd; /dev/sde becomes /dev/xvde; and so on. If mount complains that the device does not exist, run “lsblk” to see what the kernel actually called it: a volume with a partition table carries its filesystem on the first partition, /dev/xvdd1, and newer Nitro-based instance types expose EBS volumes as NVMe devices such as /dev/nvme1n1 regardless of the name you gave at attach time.)
- Now you have the volume mounted and can fix the home directory permissions. Under our mount point, the home directory is at /aws-root/home/ec2-user:
- “chmod 700 /aws-root/home/ec2-user” (the stock 755 is fine too; what sshd objects to is group or world write access. While you are here, run “ls -ld /aws-root/home/ec2-user /aws-root/home/ec2-user/.ssh” and check that both are owned by ec2-user, that .ssh is mode 700 and that .ssh/authorized_keys is mode 600, since sshd applies the same checks to those.)
- Unmount the volume (make sure you’re not in the directory by doing a quick pwd first):
- “umount /aws-root”
- Detach the volume from the instance
- Attach the volume to the original instance. This time, BE SURE to name it /dev/sda1, the same name you noted when you detached it (the 1 is IMPORTANT). Otherwise your instance won’t boot, because the instance’s registered root device name is /dev/sda1 and that is where it looks for the root filesystem.
Start your instance up again and you should now be able to log in again with SSH. If you are still refused, a StrictModes rejection is logged on the instance side in /var/log/secure as “Authentication refused: bad ownership or modes for directory /home/ec2-user”, naming the offending path, so if you have to repeat the procedure, read that file from the rescue mount (/aws-root/var/log/secure) first.
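Before detaching the rescued volume it is worth checking everything sshd’s StrictModes looks at, not just the home directory, so you don’t have to go through the detach/attach dance twice. The script below is an added example written for this page, not something from the original post; it assumes the post’s mount point /aws-root and user ec2-user, checks the three paths sshd inspects (home directory, .ssh, .ssh/authorized_keys) for group or other write access, and can apply the accepted modes. It cannot verify or fix ownership without root, so it only prints the owner for you to eyeball.

```shell
#!/bin/sh
# Added example (not from the original post): a POSIX sh check for the files
# sshd's StrictModes inspects before accepting a public key: the home directory,
# ~/.ssh and ~/.ssh/authorized_keys. StrictModes rejects any of them that is
# writable by group or others; ownership by the user or root is also required,
# which this script only reports (it cannot chown without root).
# Run it against the rescued volume's mount point before detaching it, e.g.
#   sh check_ssh_perms.sh /aws-root/home/ec2-user
# (/aws-root and ec2-user are the post's example names, assumed here.)

# check_ssh_perms HOME_DIR
# Prints one line per path and returns the number of paths sshd would reject
# (exit status 0 means all good).
check_ssh_perms() {
  home="$1"
  problems=0
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    [ -e "$p" ] || continue                      # a missing .ssh/authorized_keys is not a mode problem
    line=$(ls -ld "$p")
    perm=$(printf '%s\n' "$line" | cut -c1-10)   # e.g. drwxrwxr-x
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    case "$perm" in
      ?????w*|????????w*)                        # char 6 = group write, char 9 = other write
        printf 'BAD  %s %-8s %s\n' "$perm" "$owner" "$p"
        problems=$((problems + 1)) ;;
      *)
        printf 'ok   %s %-8s %s\n' "$perm" "$owner" "$p" ;;
    esac
  done
  return "$problems"
}

# fix_ssh_perms HOME_DIR
# Applies modes sshd accepts: no group/other write on the home directory
# (the post's chmod 700 also does this; go-w keeps the usual 755),
# 700 on .ssh and 600 on authorized_keys.
fix_ssh_perms() {
  home="$1"
  chmod go-w "$home"
  [ -d "$home/.ssh" ] && chmod 700 "$home/.ssh"
  [ -f "$home/.ssh/authorized_keys" ] && chmod 600 "$home/.ssh/authorized_keys"
  return 0
}

# demo: builds a constructed, deliberately broken home tree in a temp dir,
# shows the check failing, fixes it, and shows it passing.
demo() {
  tmp=$(mktemp -d)
  h="$tmp/home/ec2-user"
  mkdir -p "$h/.ssh"
  : > "$h/.ssh/authorized_keys"
  chmod 777 "$h"; chmod 770 "$h/.ssh"; chmod 666 "$h/.ssh/authorized_keys"   # the locked-out state
  echo "before:"; check_ssh_perms "$h" || echo "-> $? path(s) would be refused by sshd"
  fix_ssh_perms "$h"
  echo "after:";  check_ssh_perms "$h" && echo "-> sshd StrictModes would accept this home"
  rm -rf "$tmp"
}

if [ $# -gt 0 ]; then
  check_ssh_perms "$1"
else
  demo
fi
```

With no argument the script runs the self-contained demo; with a path it only checks, so that you decide whether to run fix_ssh_perms or the post’s own chmod. The check deliberately looks only at the write bits, which is what StrictModes tests; a home directory at 755 (the Amazon Linux default) passes just like one at 700.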