2

I've been able to use the browser-based SSH client without any issues until today. Now, I'm getting the following error each time I try to connect. I've tried restarting, stopping/starting, and removing/adding back the static IP.

CONNECTION ERROR An error occurred and we were unable to connect or stay connected to your instance. If this instance has just started up, try again in a minute or two.

Here is a screenshot:

enter image description here

user3071284
  • 159
  • 1
  • 1
  • 9
  • Are you using DHCP on the client side that might have changed the address of your computer? You might need to update the address allowed to connect to SSH through the security group. – Carlo Miguel Cruz Jul 31 '17 at 01:47
  • No, not using DHCP or anything different. It's the same case for multiple computers I've tried. For Lightsail, there's no configuration like that; it just works out of the box when you launch the browser-based client while logged in. – user3071284 Jul 31 '17 at 12:45
  • "This question does not show any research effort; it is unclear or not useful" This question shows the research done and is useful to anyone else who has this issue. – user3071284 Jul 31 '17 at 12:46

6 Answers6

2
  1. To fix it, add following 2 lines to /etc/ssh/sshd_config
TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

CASignatureAlgorithms +ssh-rsa
  1. Restart
/etc/init.d/ssh restart

Problem Log in failed. If this instance has just started up, try again in a minute or two.

CLIENT_UNAUTHORIZED [769]

Ziegel
  • 21
  • 1
  • This solve my problem , recently I upgraded debian from debian 10 to debian 11 , and after that Iam unable to access the SSH using 'connect to ssh' from lightsail console and I got CLIENT_UNAUTHORIZED [769], and after I add what you said and restart sshd then Iam able to access the ssh using lightsail console again. – Mohammed Shannaq Jun 22 '22 at 11:25
  • I wasn't able to use the browser-based SSH tool on lightsail web console to connect to my instance after upgrading to debian 11 (while `ssh` command from my personal machine worked fine). The line `CASignatureAlgorithms +ssh-rsa` fixed it for me. – kotatsuyaki Jun 26 '22 at 06:46
2

The issue was I enabled the ufw firewall on Ubuntu and closed my SSH session. Naturally, I was unable to SSH back in on port 22 since only ports 80 and 443 were allowed at that point.

For Lightsail, I don't think there's a way around it, unless a snapshot from one instance can be loaded onto another instance.

For AWS, you can unmount and put the volume on a new instance: https://forums.aws.amazon.com/thread.jspa?threadID=112384

user3071284
  • 159
  • 1
  • 1
  • 9
  • 2
    I locked myself out the same way. I created the snapshot, created a new instance from that snapshot but ran with (sudo ufw allow ssh) in launch script which fixed the issue – SenG Oct 30 '18 at 14:18
1

I've seen this happen multiple times and it seems caused by incomplete setup of the server stack due to exhaustion of RAM memory... I don't know why this happens more on AWS than other clouds (even when I setup the exact same server stack).

Try to use a VM with at least 2GB memory and reinstall fresh.

Also I'm not 100% sure but I think port 22 is required for the AWS web-based Console to function regardless of changes you make to sshd_config... and keep in mind that the root user is disabled by default on AWS servers, even in Console mode, so using sudo is required.

On other clouds if there's any issues I can always use the Console to login as root and fix settings and reboot the server but this isn't supported on Amazon, so I use the default port 22 for SSH when using Amazon cloud servers. Also be sure you enable access to that port in both the Networking tab of the machine (AWS UI) and in any firewall too like UFW Firewall.

Besides all this, the Console has had general instability in the past as per @Carlo answer. Again, all of these challenges seem unique to Amazon...

I recommend using other clouds whenever possible lol.

Jesse Nickles
  • 250
  • 1
  • 12
0

Experienced same issue after I enabled ufw firewall on ubuntu 20.04 but had Installed webmin before this issue. So I used the webmin console to enable ssh via port 22 on the ufw.

suchar
  • 1
0

I had a similar problem after creating an Ubuntu 20 Lightsail VM then doing an in-place upgrade to Ubuntu 22 (via sudo do-release-upgrade). Luckily I added my own public key to the ubuntu user's authorized_keys file before the upgrade, so I was able to ssh in directly from my laptop after the upgrade completed.

The web-based SSH console, however, gave me a "CLIENT_UNAUTHORIZED [769]" error.

Examining /var/log/auth.log showed the following error:

sshd[1449]: userauth_pubkey: key type ssh-rsa-cert-v01@openssh.com not in PubkeyAcceptedAlgorithms [preauth]

This keytype is apparently not supported by default on Ubuntu 22 Jammy, though it was on Ubuntu 20 Focal. Compare the two man pages...

Search for PubkeyAcceptedKeyTypes: https://manpages.ubuntu.com/manpages/focal/man5/sshd_config.5.html

Search for PubkeyAcceptedAlgorithms: https://manpages.ubuntu.com/manpages/jammy/man5/sshd_config.5.html

I then edited my server's /etc/ssh/sshd_config to include the following at the bottom:

PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com

Then after a sudo service ssh restart, I was able to connect as expected from AWS's web-based SSH console again.

Drew
  • 1
  • 2
0

Found a solution from the AWS forums that encountered the same problem.

There seems to be an issue that happens with Lightsail setups wherein the web-based SSH service stops working properly for some reason. The advise was to create a snapshot of the Lightsail instance to preserve the current data then create a new instance that installs an updated SSH server using user-data similar to the following:

#!/bin/bash sudo apt-get remove openssh-client openssh-server sudo apt-get install openssh-client openssh-server

It says that web-based SSH might not be possible after since they seem to be using a special SSH configuration for it. You will need to SSH directly to the server using a SSH client.