How can I recover SSH access to an Amazon EC2 instance after UFW firewall activation by accident?
I have activated the UFW firewall on an EC2 Ubuntu Server 12.04 instance, but I forgot to allow access to port 22. Now I can't connect to the instance via SSH. This instance is EBS backed.

How can I recover SSH access to an Amazon EC2 instance after UFW firewall activation by accident?

Intranuclear answered 30/1, 2014 at 16:6 Comment(0)

Well, thanks to EBS there is a solution.

  1. Stop your instance.
  2. Attach your EBS volume to another instance. If you don't have one, create a micro instance.
  3. Mount your EBS volume somewhere, i.e. /opt/recover.
  4. Edit {your-ebs-mount}/etc/ufw/ufw.conf and change enabled=yes to enabled=no.
  5. Unmount the EBS volume.
  6. Detach it from the temp instance.
  7. Reattach it to the original instance (make sure to attach it as root).
  8. Restart the instance.

Now your firewall is disabled in your instance, so you can access it via SSH.

Intranuclear answered 30/1, 2014 at 16:6 Comment(5)
Glad you found the answer! - Upgrowth
@Intranuclear I love you man! Just one thing to add to this. When you reattach your drive (if it was your root drive or only drive), make sure you attach it to the correct mount point, aka sda1. - Asexual
If you create a new instance, remember to create it in the same Availability Zone, as it is not possible to attach volumes across different Zones. - Merriweather
This is why I love this community. Thank you so much! - Harberd
You just saved me an incredible amount of time, thank you. - Clearsighted
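The offline edit in step 4 above, written as a small POSIX shell helper (an added example, not code from the original answer): it operates on the rescue mount point, refuses to touch a volume that has no etc/ufw/ufw.conf (wrong volume or wrong mount point), keeps a backup, and only flips the ENABLED key. The function names and the mount-point argument are this example's own assumptions.

```shell
#!/bin/sh
# Offline repair of UFW on a root volume mounted under a rescue instance.
# Helper names (disable_ufw_offline, ufw_enabled_state) are assumed here,
# they are not part of UFW or the original answer.
set -eu

# Print the ENABLED value (yes/no) from a ufw.conf file.
# Real ufw.conf writes "ENABLED=yes"; the answer's lowercase spelling is tolerated.
ufw_enabled_state() {
    conf="$1"
    grep -i '^[[:space:]]*enabled=' "$conf" | tail -n 1 \
        | cut -d= -f2 | tr 'A-Z' 'a-z' | tr -d '[:space:]'
}

# Flip ENABLED=yes to ENABLED=no in <mountpoint>/etc/ufw/ufw.conf.
# Returns 0 on success, 1 if the mount does not look like a Ubuntu root volume.
disable_ufw_offline() {
    mnt="$1"
    conf="$mnt/etc/ufw/ufw.conf"
    if [ ! -f "$conf" ]; then
        echo "no ufw.conf under $mnt: wrong volume or wrong mount point?" >&2
        return 1
    fi
    # Keep a backup of the original, then rewrite only the ENABLED line
    # (comments, LOGLEVEL and other keys are left untouched).
    cp -p "$conf" "$conf.bak"
    sed 's/^\([[:space:]]*[Ee][Nn][Aa][Bb][Ll][Ee][Dd]\)=[[:space:]]*[Yy][Ee][Ss]/\1=no/' \
        "$conf.bak" > "$conf"
    # Verify the edit actually took effect before unmounting.
    [ "$(ufw_enabled_state "$conf")" = "no" ]
}
```

Once you are back in, add the SSH rule (ufw allow OpenSSH) before enabling UFW again, or, as a comment below notes, manage the port from the security group instead.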

Step 1: Open View/Change User Data in the instance settings.
Step 2: Add the script (mentioned below) and save it.

#cloud-config
bootcmd:
- cloud-init-per always fix_broken_ufw_1 sh -xc "/usr/sbin/service ufw stop >> /var/tmp/svc_$INSTANCE_ID 2>&1 || true"
- cloud-init-per always fix_broken_ufw_2 sh -xc "/usr/sbin/ufw disable >> /var/tmp/ufw_$INSTANCE_ID 2>&1 || true"

Step 3: Restart the instance (the machine IP will change). The script will execute on boot and ufw will be disabled.

Now we can connect to the instance through SSH.

Reference (step by step with screenshots): https://github.com/ibrahim45/configuration/blob/master/boot_script_instance.md

Ipa answered 16/9, 2019 at 16:55 Comment(3)
Thanks brother, I was facing this issue for the past 2 days, thank you. It should be the accepted answer. - Kazbek
Long live brother, this is a quick and easy fix, thanks. - Mortonmortuary
Definitely should be the accepted answer. I spent quite some time figuring out what I did wrong. Finally understood I activated the firewall by mistake. Lesson: always manage ports from security groups! - Affliction

Another way, super easy: the easiest way is to update the instance's user data.

Stop your instance.

Right-click (Windows) or Ctrl + click (Mac) on the instance to open the context menu, then go to Instance Settings -> Edit User Data, or select the instance and go to Actions -> Instance Settings -> Edit User Data.

If you're still on the old AWS console, select the instance and go to Actions -> Instance Settings -> View/Change User Data.

And paste this:

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
ufw disable
iptables -L
iptables -F
--//

Once added, restart the instance and SSH should work. The user data disables ufw if it is enabled and also flushes any iptables rules blocking SSH access.

Antonyantonym answered 12/8, 2021 at 7:54 Comment(0)

My EC2 instance is inaccessible, and in /etc/ufw/ufw.conf enabled is already set to no (enabled=no).

I have tried the user data script as well, but still no success.

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
ufw disable
iptables -L
iptables -F
--//
Carrot answered 15/5 at 6:42 Comment(0)