获取AWS lightsail Windows server RDP密码

作者

LIU Yu，在Hunter的帮助下

场景

创建lightsail的linux server时已经生成SSHkey，建立Windows的实例（Instance）时，并未提示输入管理员密码。登录时，找密码登录，提示

“Decipher your password

You used the "keyname" key when you created this instance. See the instructions to decipher the password from the CLI(https://lightsail.aws.amazon.com/ls/docs/en_us/articles/use-non-default-key-with-windows-based-instance-in-lightsail)

按步骤操作，获取了ciphertext，但解密尝试多种方法均失败，唯一一次接近成功，报错“

Got error message
RSA operation error
140244907500736:error:0406506C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:../crypto/rsa/rsa_ossl.c:402:”

解决办法与步骤

1. 获取ciphertext。在lighsail控制台，下方，找到Cloushell，点击，进入AWS CLI。输入命令

   aws lightsail get-instance-access-details --instance-name yourinstancename

   输出内容包含

       "accessDetails": {
   {
       "accessDetails": {
           "ipv6Addresses": [
               "windows server ipv6 address"
           ],
           "password": "",
           "passwordData": {
               "ciphertext": "PjIS0CC8hXPPUe7z0XHXbNMo6vgWWMkihhc3zZDlX75HiC3kYROTN9pLN221dVSEIeHbkkBbFl5Bdpj9vKjBxchg=="

   拷贝ciphertext，进入一台linux服务器shell，本环境是Debian

2. 用Base64解码ciphertext。将ciphertext存入文件，命名ciphertextfile ，用Base64解码

   openssl enc -a -d -in ./ciphertextfile -out Base64Decodeciphertextfile

    

3. 使用SSH key解密。将key拷贝入linux服务器，命名key。解密输出到output文件。

   openssl rsautl -decrypt -inkey ./key -in ./Base64Decodeciphertextfile -out output

    

参考文件：

See the instructions to decipher the password from the CLI，https://lightsail.aws.amazon.com/ls/docs/en_us/articles/use-non-default-key-with-windows-based-instance-in-lightsail，

Openssl "data greater than mod len", Mar 24, 2019 at 17:42, Oli，https://stackoverflow.com/questions/23205592/openssl-data-greater-than-mod-len