Recovering opc user SSH Key - OCI

-
Recovering opc user SSH Key on OCI
=====================================
Today i came across the situation where my colleague has created UNIX instance on oci and then she lost opc user private keys.  Due to that she was not able to login to that instance and no one has access to this instance as well. It can happen with any one who is trying to connect into their Oracle Cloud Infrastructure instance but either you forgot which key you used or, for some unknown reason, your opc user SSH key got corrupted or deleted. It might be scary at first, but the process to recover an opc user SSH key on Oracle Cloud Infrastructure is easy.
So if you get a "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)" error when trying to connect via SSH, follow this process to recover your key.
Summary ( High Level Steps
  1. Stop the instance that you can't log in to.
  2. Detach the boot volume.
  3. Attach the boot volume to a running Linux instance.
  4. Run the iSCSI commands to attach the device and make it visible to the local operating system.
  5. Fix the authorized_keys file.
  6. Unmount the device and detach it by running the iSCSI commands.
  7. Attach the boot volume to the original instance and start it.
Process
  1. Stop the instance that you can’t connect to (Server 2 - OPC User Keys Lost, AD 2). In the Oracle Cloud Infrastructure Console, go to the details page for the instance and click Stop.

2. Detach the boot volume. In the Boot Volume section, click the Actions icon and choose Detach.
3. Attach the boot volume to another Linux instance (Server1, AD1) by going to the details page of a different VM, clicking Attach Block Volume, and then selecting the boot volume that you just detached in the previous step. Be sure to select Read/Write access.

Go back to detach boot volume and get OCID.
I purposely tried to show this limitation. You can not attach Block Volume across different AD. Both boot volume should be in same AD group.
I have another instance in availability domain 2 . let's use that and move further.
Now you can see drop down list is showing AD 2 volume automatically . chose it.
Click Attach.

 4. After the boot volume attachment is completed (the BV icon is green), connect through SSH in the running VM and run the iSCSI commands to make that new disk available and visible by the OS.




Your boot-volume should appear as /dev/sdb.
5. Make /dev/sdb3, which is the root (/) partition where you can recover the opc SSH key file, available to the local operating system using "mount" command. Be sure to use the -o nouuid option; otherwise, you will see the "mount: wrong fs type, bad option, bad superblock on /dev/sdb3" error message.

$  sudo mount -o nouuid /dev/sdb3 /mnt
6. Fix the opc SSH key by editing the /mnt/home/opc/.ssh/authorized_keys file and adding your SSH new key public file.

$  sudo vi /mnt/home/opc/.ssh/authorized_keys
After you add or change the SSH public key you need to use, save and exit it.

Run umount /mnt.

$  sudo umount /mnt
7. Detach the iSCSI boot volume by running the detach iSCSI commands.
8. Ensure that the /dev/sdb disk is no longer available or visible through the SSH connection, and then detach it.
9. Reattach the boot volume to the instance where you wanted to recover the SSH key, wait for it to become operational (green icon) and start it.
Lets try to connect to this server using new keys.
We recovered our opc user SSH key and we can now log back into the instance. We can also use this process for troubleshooting the root (/) partition.
This whole process will take 20 minutes ..
Happy Learning. 


Comments

  1. Nakshon24 March 2022 at 22:02

    How do i create a /dev/sdb3 partitions???

    ReplyDelete
  2. Anonymous7 April 2022 at 19:30

    Recovering Opc User Ssh Key - Oci >>>>> Download Now

    >>>>> Download Full

    Recovering Opc User Ssh Key - Oci >>>>> Download LINK

    >>>>> Download Now

    Recovering Opc User Ssh Key - Oci >>>>> Download Full

    >>>>> Download LINK oT

    ReplyDelete

Post a Comment

Popular posts from this blog

Workflow Agent Listener Service WF_DEFERRED + Business Event not processing

-
Workflow Agent Listener Service WF_DEFERRED Will Not Start, Mailer May Be Down To implement the solution, please execute the following steps: 1.  Use this query to identify any remaining items in wf_deferred queue: SQL> select corrid, decode(state, 0, '0 = Ready', 1, '1 = Delayed', 2, '2 = Retained', 3, '3 = Exception', to_char(state)) State, count(*) COUNT from wf_deferred group by corrid, state; 2. Items with the APPS corrid will not dequeue from agent listener via service container.  This runs the deferred listener from the command lin e . Make sure that the listener and workflow service components - including the mailer - are down before you run this . This is not intended to be a substitute for the normal operation of this service container from the OAM console. Use this only during this cleanup operation. One will have to run this script manually: begin wf_log_pkg.wf_debug_flag := TRUE; wf_event...
Read more

Output Post Processor - EBS 12.2.4 Troubleshoot

-
Output Post Processor TroubleShooting Issue 1 Output Post Processor is Down with Actual Process is 0 And Target Process is 1 1. Shutdown Concurrent Managers 2. To ensure concurrent manager down; check there is no FNDLIBR process running. ps -ef | grep FNDLIBR 3. Run adadmin to relink FNDSVC executable. a. Invoke adadmin from command prompt b. Choose option 2 (2. Maintain Applications Files menu) c. Choose option 1 (1. Relink Applications programs ) d. Then type FND When prompted; ( Enter list of products to link (all for all products) [all] : FND ) e. Ensure adrelink is exiting with status 0 4. Start Concurrent Managers 5. Check the Output Post Processor Issue 2 Concurrent Processing  R12 Output Post Processor Service Not Coming Up Reason : If Service Manager for the node is not running.  Possible cause might be service manager definition is missing under Concurrent ->Manager ->Define form. If the Service Manager is not pr...
Read more

How to Diagnose Workflow Notification Mailer Issue

-
Outbound Notification Emails : 1. Check if the notification is present in the recipient/user's Worklist/Notifications page.If it does not exist     then it means that notification itself is not created and need to check the corresponding workflow     status.You may also query the notification from the wf_notifications table SQL> select recipient_role,notification_id,status,mail_status from wf_notifications where recipient_role like '&user_name';    The e-mail notification is sent only if all of following are true.                --Notification status is OPEN or CANCELED                --Notification mail_status is MAIL or INVALID 2. Check Recipient role has a valid e-mail address and notification preference MAIL% SELECT email_address, nvl(WF_PREF.get_pref(name, 'MAILT...
Read more