
EC2 Windows - Get Administrator Password

Currently, the only way I know to retrieve the administrator password from a newly created EC2 Windows instance is through the AWS management console. This is fine, but I need to know how to accomplish this via the Java API - I can't seem to find anything on the subject. Also, once obtained, how do I modify the password using the same API?

The EC2 API has a call "GetPasswordData" which you can use to retrieve an encrypted block of data containing the Administrator password. To decrypt it, you need 2 things:

First, the private key. This is the private half of the keypair you used to instantiate the instance. A complication is that normally Amazon uses keys in PEM format ("-----BEGIN"...) but the Java Crypto API wants keys in DER format. You can do the conversion yourself - strip off the -----BEGIN and -----END lines, take the block of text in the middle and base64-decode it.

Second, the encryption parameters. The data is encrypted with RSA, with PKCS1 padding – so the magic invocation to give to JCE is: Cipher.getInstance("RSA/NONE/PKCS1Padding")

Here's a full example (that relies on BouncyCastle, but could be modified to use a different crypto engine)

package uk.co.frontiertown;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.ec2.AmazonEC2Client;
import com.amazonaws.services.ec2.model.GetPasswordDataRequest;
import com.amazonaws.services.ec2.model.GetPasswordDataResult;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

import javax.crypto.Cipher;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;

public class GetEc2WindowsAdministratorPassword {

    private static final String ACCESS_KEY = "xxxxxxxxxxxxxxxxxxxx";
    private static final String SECRET_KEY = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    // The private half of the EC2 key pair, exactly as downloaded: PEM armour around PKCS#1 ("RSA PRIVATE KEY") DER
    private static final String PRIVATE_KEY_MATERIAL = "-----BEGIN RSA PRIVATE KEY-----\n" +
        "MIIEowIBAAKCAQEAjdD54kJ88GxkeRc96EQPL4h8c/7V2Q2QY5VUiJ+EblEdcVnADRa12qkohT4I\n" +
        // several more lines of key data
        "srz+xXTvbjIJ6RL/FDqF8lvWEvb8uSC7GeCMHTznkicwUs0WiFax2AcK3xjgtgQXMgoP\n" +
        "-----END RSA PRIVATE KEY-----\n";

    public static void main(String[] args) throws GeneralSecurityException, InterruptedException {
        // Register BouncyCastle: it supplies both the PKCS#1 key parsing and the "RSA/NONE/PKCS1Padding" cipher
        Security.addProvider(new BouncyCastleProvider());
        String password = getPassword(ACCESS_KEY, SECRET_KEY, "i-XXXXXXXX", PRIVATE_KEY_MATERIAL);
        System.out.println(password);
    }

    private static String getPassword(String accessKey, String secretKey, String instanceId, String privateKeyMaterial) throws GeneralSecurityException, InterruptedException {

        // Convert the private key from PEM to DER: drop the armour lines and base64-decode the body.
        // BouncyCastle's Base64 decoder ignores line breaks, so the armour lines need not carry a trailing "\n".
        privateKeyMaterial = privateKeyMaterial.replace("-----BEGIN RSA PRIVATE KEY-----", "");
        privateKeyMaterial = privateKeyMaterial.replace("-----END RSA PRIVATE KEY-----", "");
        byte[] der = Base64.decode(privateKeyMaterial);
        // The DER is PKCS#1 (RSAPrivateKey), not PKCS#8. The JDK's own RSA KeyFactory rejects it inside a
        // PKCS8EncodedKeySpec, but BouncyCastle's factory accepts either form, so ask for the "BC" provider explicitly.
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(der);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
        PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

        // Get the encrypted password data from EC2 (the client defaults to the us-east-1 endpoint;
        // call client.setEndpoint(...) for an instance in another region)
        AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
        AmazonEC2Client client = new AmazonEC2Client(awsCredentials);
        GetPasswordDataRequest getPasswordDataRequest = new GetPasswordDataRequest().withInstanceId(instanceId);
        GetPasswordDataResult getPasswordDataResult = client.getPasswordData(getPasswordDataRequest);
        String passwordData = getPasswordDataResult.getPasswordData();
        // A freshly launched instance returns empty password data until Windows has generated and posted it
        while (passwordData == null || passwordData.isEmpty()) {
            System.out.println("No password data - probably not generated yet - waiting and retrying");
            Thread.sleep(10000);
            getPasswordDataResult = client.getPasswordData(getPasswordDataRequest);
            passwordData = getPasswordDataResult.getPasswordData();
        }

        // Decrypt the password: RSA with PKCS#1 v1.5 padding. "NONE" as the mode name is BouncyCastle's
        // spelling (the JDK provider only knows "ECB"), so pin the provider rather than rely on search order.
        Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", "BC");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] cipherText = Base64.decode(passwordData);
        byte[] plainText = cipher.doFinal(cipherText);
        String password = new String(plainText, Charset.forName("US-ASCII"));

        return password;
    }
}

ObDisclosure: I originally answered this on a blog posting at http://www.frontiertown.co.uk/2012/03/java-administrator-password-windows-ec2-instance/
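As an added offline example (not the answer's code and not AWS's), here are the same two steps in Go with only the standard library: parse the PKCS#1 "RSA PRIVATE KEY" PEM, then RSA PKCS#1 v1.5-decrypt the base64 PasswordData. NewPKCS1PEM and SimulatePasswordData are constructed stand-ins for the downloaded key file and for EC2's encryption side, so nothing talks to AWS; DecryptPasswordData also tolerates line-wrapped base64 and rejects a PKCS#8 "PRIVATE KEY" block instead of misparsing it.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// DecryptPasswordData recovers the plaintext from the PasswordData field of a GetPasswordData response.
// pemKey is the key pair's private half as AWS issues it: PEM type "RSA PRIVATE KEY" holding PKCS#1 DER.
func DecryptPasswordData(pemKey []byte, passwordData string) (string, error) {
	block, _ := pem.Decode(pemKey)
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return "", fmt.Errorf("expected a PEM block of type RSA PRIVATE KEY")
	}
	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return "", fmt.Errorf("parse PKCS#1 private key: %w", err)
	}
	// The base64 can arrive wrapped over several lines; drop all whitespace before decoding.
	ct, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(passwordData), ""))
	if err != nil {
		return "", fmt.Errorf("decode PasswordData: %w", err)
	}
	// EC2 encrypts with RSA PKCS#1 v1.5 padding under the public key (Java: RSA/NONE/PKCS1Padding).
	pt, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ct)
	if err != nil {
		return "", fmt.Errorf("RSA decrypt: %w", err)
	}
	return string(pt), nil
}

// SimulatePasswordData stands in for EC2 offline: encrypt a constructed password as the service does.
func SimulatePasswordData(pub *rsa.PublicKey, password string) (string, error) {
	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, []byte(password))
	return base64.StdEncoding.EncodeToString(ct), err
}

// NewPKCS1PEM makes a throwaway key pair in the same PEM form as a downloaded EC2 key pair file.
func NewPKCS1PEM(bits int) ([]byte, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	der := x509.MarshalPKCS1PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}), &priv.PublicKey, nil
}
```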

You can create an instance, set the password and then turn it back into an image. Effectively setting a default password for each instance you create. Wouldn't this be simpler?

It looks like you are looking for the following part of the API: GetPasswordDataRequest, GetPasswordDataResult

You can also create an Image with a default user name and password set up on that Image, and then launch all instances with that image id, so that you don't need to create and retrieve the password every time; just launch your instance and RDP to the launched instance with the credentials defined in the Image. I am doing the same, and it's working perfectly for me.
