I had a similar problem after creating an Ubuntu 20 Lightsail VM then doing an in-place upgrade to Ubuntu 22 (via sudo do-release-upgrade
). Luckily I added my own public key to the ubuntu user's authorized_keys file before the upgrade, so I was able to ssh in directly from my laptop after the upgrade completed.
The web-based SSH console, however, gave me a "CLIENT_UNAUTHORIZED [769]" error.
Examining /var/log/auth.log
showed the following error:
sshd[1449]: userauth_pubkey: key type ssh-rsa-cert-v01@openssh.com not in PubkeyAcceptedAlgorithms [preauth]
This keytype is apparently not supported by default on Ubuntu 22 Jammy, though it was on Ubuntu 20 Focal. Compare the two man pages...
Search for PubkeyAcceptedKeyTypes
:
https://manpages.ubuntu.com/manpages/focal/man5/sshd_config.5.html
Search for PubkeyAcceptedAlgorithms
:
https://manpages.ubuntu.com/manpages/jammy/man5/sshd_config.5.html
I then edited my server's /etc/ssh/sshd_config
to include the following at the bottom:
PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com
Then after a sudo service ssh restart
, I was able to connect as expected from AWS's web-based SSH console again.