So when connecting to an instance, I was prompted for a password even though I never set which was weird. The error I was getting was the following:
When logging in as ec2-user:
you are required to change your password immediately (password aged)
Last login: Sat Aug 11 00:16:08 2018 from 10.100.32.12
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user ec2-user.
Changing password for ec2-user.
(current) UNIX password:
When logging in as root:
Authenticating with public key “Imported-Openssh-Key: C:\MobaXterm_Portable_v10.9\hlsmtc.pem”
Server refused public-key signature despite accepting key!
To resolve the issue, I unmounted the volumes and mounted them to a recovery instance then did the following:
$chroot /mnt <—- my temp mount point
$chage -l ec2-user <—- command to check password settings
chage -l ec2-user
Last password change : Oct 11, 2017
Password expires : Jan 09, 2018
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
Looking at the line above “Maximum number of days between password change : 90” we see that its set to 90 days and as the AMI was created last year, this would cause an issue. So I needed to change this, which I did in the /etc/login.defs file.
# Password aging controls:
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
As you can see, PASS_MAX_DAYS is set to 90. I changed this to the following:
After making the above change and re-attching the volume to my instance, I could ssh without being prompted for a password.
No token or token has expired.