AWS sets no password for the root user of an EC2 instance; normal access is the key-based SSH login of ec2-user. If that login fails, the fallback is a backdoor login: a separate user with a password and root privileges, reachable through the EC2 Console.



Configure a Backdoor Login



There are cases where the normal login fails, even after a stop/start of the EC2 instance. The options are then a backdoor user login or a rebuild from a snapshot. The user created below gets passwordless sudo, so the account is equivalent to root: give it a strong password, and remove it once the normal login works again.

Let’s add a user:

(If adduser reports an error, see the fix below.)

--> Use your own user name and password. This example uses "brew". I use the vi editor.

adduser brew

--> "passwd brew" sets the password if adduser did not prompt for one.

vi /etc/sudoers

--> visudo does the same edit but refuses to save a file sudo cannot parse. A syntax error in /etc/sudoers breaks sudo for every user, which is the last thing you want while already locked out.

--> at the end of the file add:

brew ALL=(ALL) NOPASSWD:ALL

--> 
:w! to save (the file is mode 0440, so a plain :w is refused)
ZZ to exit
<--

--> Back up ec2-user's .ssh directory (authorized_keys) to /home/SSH_BACKUP before changing logins. The -p keeps the ownership and the 0700/0600 modes sshd requires, so the copy can be restored as-is.

cd /home/ec2-user
cp -pr .ssh ../SSH_BACKUP

If you get this error when adding a user:

[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains

To fix this, clear the cache as the message suggests. This discards all of sssd's cached credentials, so logins that depend on them will need to reach the directory again:

cd /var/lib/sss/db
rm *
sss_cache -E


Then add the backdoor user, or if already created, add the password.

Then add group memberships. adm gives read access to the system logs. The sudoers line above already grants full root, so the root group is optional; it only adds read access to root-group-owned files:

usermod -aG adm brew
usermod -aG root brew
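The whole procedure as one script, added here as an example and not taken from the original post: it wraps the steps above (backup of ec2-user's .ssh, adduser with the sssd-cache retry, the sudoers rule, group membership) in shell functions. ROOT_PREFIX, the drop-in file /etc/sudoers.d/90-<user>-recovery and the default user name brew are this example's assumptions. Set ROOT_PREFIX to a scratch directory to rehearse the file-writing steps without root; run it with --run as root on the instance for real.

```shell
#!/usr/bin/env bash
# Added example, not the page's own commands. Assumed names: ROOT_PREFIX
# (empty for a real run), the user "brew" and the sudoers drop-in path.
set -eu

ROOT_PREFIX="${ROOT_PREFIX:-}"

# The sudoers rule from the page. NOPASSWD:ALL makes the account equivalent
# to root, so the account's password is all that protects the instance.
sudoers_rule() {
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# Write the rule as a drop-in instead of appending to /etc/sudoers: it is
# self-contained, easy to delete once the real login is repaired, and 0440
# is the mode sudo expects for files it includes. Prints the file path.
write_sudoers_dropin() {
    user="$1"
    dir="${ROOT_PREFIX}/etc/sudoers.d"
    file="${dir}/90-${user}-recovery"
    mkdir -p "$dir"
    sudoers_rule "$user" > "$file"
    chmod 0440 "$file"
    printf '%s\n' "$file"
}

# Copy ec2-user's .ssh out of the home tree before touching logins, keeping
# ownership and modes (cp -p) so authorized_keys can be restored intact.
backup_ssh_dir() {
    src="${1:-${ROOT_PREFIX}/home/ec2-user/.ssh}"
    dst="${2:-${ROOT_PREFIX}/home/SSH_BACKUP}"
    cp -pr "$src" "$dst"
    [ -f "$dst/authorized_keys" ]
}

# adduser fails when the on-disk sssd cache predates the installed sssd
# (the message quoted on the page). Recognise it from adduser's output so
# the procedure can clear the cache and retry instead of stopping half-way.
needs_sssd_cache_reset() {
    printf '%s\n' "$1" | grep -q 'DB version too old'
}

# Clears the cache; this also drops all cached credentials, as the error warns.
reset_sssd_cache() {
    db="${ROOT_PREFIX}/var/lib/sss/db"
    rm -f "${db}"/*
    sss_cache -E
}

# The real procedure. Needs root on the instance; not exercised by a rehearsal.
configure_backdoor_login() {
    user="$1"
    backup_ssh_dir
    if ! out=$(adduser "$user" 2>&1); then
        if needs_sssd_cache_reset "$out"; then
            reset_sssd_cache
            # adduser may already have created the account before sss_cache failed
            id "$user" >/dev/null 2>&1 || adduser "$user"
        else
            printf '%s\n' "$out" >&2
            return 1
        fi
    fi
    passwd "$user"                       # prompts for the strong password
    f=$(write_sudoers_dropin "$user")
    # Never keep a rule sudo cannot parse: that would break sudo for everyone.
    visudo -cf "$f" || { rm -f "$f"; return 1; }
    usermod -aG adm "$user"
}

if [ "${1:-}" = "--run" ]; then
    configure_backdoor_login "${2:-brew}"
fi
```

The one deliberate departure from the steps above is that the rule goes into a drop-in under /etc/sudoers.d and is checked with visudo -cf before it is kept; everything else follows the page's order.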

Disclaimer: This content is provided as reference only and reflects practical experience at the time of writing. Technology and best practices change, so examples may require modification. No warranty is provided. Always test configurations on a development system before using them in production.