So when connecting to an instance, I was prompted for a password even though I never set which was weird. The error I was getting was the following:

When logging in as ec2-user:

you are required to change your password immediately (password aged)
Last login: Sat Aug 11 00:16:08 2018 from 10.100.32.12
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user ec2-user.
Changing password for ec2-user.
(current) UNIX password:

When logging in as root:

Authenticating with public key “Imported-Openssh-Key: C:\MobaXterm_Portable_v10.9\hlsmtc.pem”
Server refused public-key signature despite accepting key!
root@10.100.41.176’s password:

To resolve the issue, I unmounted the volumes and mounted them to a recovery instance then did the following:

$chroot /mnt   <—- my temp mount point

$chage -l ec2-user    <—- command to check password settings

chage -l ec2-user
Last password change : Oct 11, 2017
Password expires : Jan 09, 2018
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

Looking at the line above “Maximum number of days between password change : 90” we see that its set to 90 days and as the AMI was created last year, this would cause an issue. So I needed to change this, which I did in the /etc/login.defs file.

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 90
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

As you can see, PASS_MAX_DAYS is set to 90. I changed this to the following:

PASS_MAX_DAYS 99999

After making the above change and re-attching the volume to my instance, I could ssh without being prompted for a password.

 

Leave a Reply

Your email address will not be published. Required fields are marked *