Mehta Websolution

How to Reset AWS Linux Server Root Password or Restore SSH Access (2025 Guide)


If you’ve lost access to your AWS EC2 Linux server, forgotten your root password, or misplaced your SSH private key, don’t panic.

This step-by-step guide shows you three reliable methods to reset your root password or restore SSH access safely.

Before You Start

Before proceeding, keep in mind:
Always take an EBS snapshot before making disk changes.
On most AWS Linux AMIs, you log in as ec2-user, ubuntu, or centos, not as root.
After regaining access, re-secure your instance (disable password login again).

Method 1: Reset AWS Root Password (If You Still Have SSH Access)
If you can still SSH into your instance using your private key, this is the fastest method.

Step 1: Connect via SSH
ssh -i /path/to/key.pem ec2-user@YOUR_SERVER_IP

Replace ec2-user with your OS username (ubuntu or centos if applicable).

Step 2: Set a New Root Password
sudo -i
passwd root

Enter your new password twice.

Step 3: (Optional) Enable Root SSH Login
If you need direct root login (not recommended), edit your SSH configuration:

sudo nano /etc/ssh/sshd_config

Find these directives and set them to:
PermitRootLogin yes
PasswordAuthentication yes

Then restart the SSH service:
sudo systemctl restart sshd

Security Tip: Once confirmed, revert these options to no for better protection.
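
To confirm the options from Step 3 really were reverted, the script below (an added example, not part of the original guide) reports the value sshd will actually use for each one. The function names and the sample file are constructed for illustration, and the fallback defaults are assumed to be those of current OpenSSH.

```bash
#!/bin/sh
# Added example (not from the original guide): audit the two sshd_config
# options changed in Step 3. sshd keeps the FIRST value it reads for a
# keyword, so a later "PermitRootLogin no" does not undo an earlier "yes".
# Limitation: Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT -> first global value, lower-cased
effective_value() {
    ev_key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
    awk -v key="$ev_key" -v def="$3" '
        { sub(/=/, " ") }                  # accept "Keyword=value" too
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }      # assumed OpenSSH default
    ' "$1"
}

# audit_sshd FILE -> prints findings; returns 1 if either option is "yes"
audit_sshd() {
    as_rc=0
    as_root="$(effective_value "$1" PermitRootLogin prohibit-password)"
    as_pass="$(effective_value "$1" PasswordAuthentication yes)"
    if [ "$as_root" = "yes" ]; then
        echo "WEAK: PermitRootLogin yes (direct root login allowed)"; as_rc=1
    fi
    if [ "$as_pass" = "yes" ]; then
        echo "WEAK: PasswordAuthentication yes (passwords accepted)"; as_rc=1
    fi
    if [ "$as_rc" -eq 0 ]; then
        echo "OK: PermitRootLogin=$as_root PasswordAuthentication=$as_pass"
    fi
    return "$as_rc"
}

# Constructed sample: the state left behind by Step 3, with a later
# "no" line that looks like a fix but is ignored by sshd.
sample="$(mktemp)"
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    '# reverted?' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "re-harden before exposing port 22"
rm -f "$sample"
```

The same check works on /mnt/recover/etc/ssh/sshd_config while the volume is mounted in Method 2. On a running instance, sudo sshd -T prints the effective settings with Include files applied.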

Method 2: Recover Lost SSH Key (Detach and Mount EBS Volume)
If you lost your private key, you can still regain access by attaching your root volume to another helper instance.

Step 1: Stop the Instance
Go to your AWS EC2 Console → Instances → Stop Instance (do not terminate).

Step 2: Detach Root Volume
Note the Device name (e.g., /dev/xvda).
Detach the root volume.

Step 3: Attach to a Helper Instance
Attach the detached volume to another working EC2 instance as /dev/xvdf.

Step 4: Mount the Volume
SSH into the helper instance and mount the attached disk:

sudo mkdir /mnt/recover
sudo mount /dev/xvdf1 /mnt/recover

Step 5: Add a New SSH Key

Replace or add your public key to the instance’s authorized keys:

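sudo mkdir -p /mnt/recover/home/ec2-user/.ssh
echo "ssh-rsa AAAAB3...yourkey..." | sudo tee -a /mnt/recover/home/ec2-user/.ssh/authorized_keys
# If sudo created .ssh or authorized_keys, they are owned by root and sshd cannot read them as the login user.
# Copy the numeric owner and group from the home directory on the recovered volume.
sudo chown -R --reference=/mnt/recover/home/ec2-user /mnt/recover/home/ec2-user/.ssh
sudo chmod 700 /mnt/recover/home/ec2-user/.ssh
sudo chmod 600 /mnt/recover/home/ec2-user/.ssh/authorized_keys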

For Ubuntu, use /home/ubuntu/.ssh/authorized_keys.

Step 6: (Optional) Reset Root Password Using chroot

sudo mount --bind /dev /mnt/recover/dev
sudo mount --bind /proc /mnt/recover/proc
sudo mount --bind /sys /mnt/recover/sys
sudo chroot /mnt/recover
passwd root
exit
sudo umount /mnt/recover/{dev,proc,sys}

Step 7: Reattach Volume

Detach it from the helper instance, reattach to the original EC2 instance, and start it again.
You can now SSH into your server using your updated key or password.

Method 3: Reset Root Password Using AWS Systems Manager (SSM)

If SSM Agent is installed and the instance has the correct IAM Role, this is the easiest and safest method.

Step 1: Start a Session

Go to AWS Console → Systems Manager → Session Manager → Start session → Select your instance.

Step 2: Reset the Password
Once the session starts:

sudo passwd root

Or add your public key to the user’s authorized_keys file.

No need to detach disks or restart the instance.

Safety Checklist

Take EBS snapshots before any modification
Stop instance before detaching root volume
Mount volume only on instances in the same availability zone
Disable password authentication after recovery

Final Thoughts

Restoring SSH access or resetting your AWS Linux root password isn’t complicated once you know the right approach.
Whether you use SSH access, SSM Session Manager, or the EBS detach-mount method, always secure your instance after recovery to prevent unauthorized access.

Summary:

Still have SSH? → Use Method 1
Lost private key? → Use Method 2 (EBS detach method)
Have SSM access? → Use Method 3 (simplest)