There are two main reasons why you might get “Log in failed. If this instance has just started up, try again in a minute or two. CLIENT_UNAUTHORIZED [769]” in Amazon Lightsail browser based SSH login.
You will need SSH login from Putty, etc.
If you cannot remote in using SSH then you cannot fix this. This is only for using the Lightsail browser based SSH.
If you can’t use remote SSH, look at your instance firewall settings and make sure you’re IP is allowed.
Your machine’s clock is wrong
Check time with https://time.is/UTC (AWS is in UTC time)
sudo date -u
If there’s a mismatch for Ubuntu 18.x try:sudo timedatectl set-ntp off
sudo timedatectl set-ntp on
Or this:sudo dpkg-reconfigure tzdata
You are missing the AWS CA cert from /etc/ssh/sshd_config
Edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Scroll to the bottom and add this, then restart SSH:
TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub
You may also need to this in addition to the above:
CASignatureAlgorithms +ssh-rsa
Then:
sudo service ssh restart
Now login through the LightSail browser based SSH.
how??????/
you cant connect ssh
Not sure what you are asking.
This post is about not being able to use the LightSail browser based SSH terminal and fixing it with a direct SSH connection.
I agree. If you cannot connect to SSH, how are you going to execute the commands?
The error “CLIENT_UNAUTHORIZED” only appears when attempting to use the SSH web client while logged into LightSail.
In this situation, you can still SSH directly into the machine.
If you cannot access your machine via SSH then you need to solve for that.
I would assume that you need to allow SSH through the instance firewall. Go to the instance, select Networking, then add a rule to the firewall to allow SSH. You can limit it to all IPs or a single IP.
Once you’re done, don’t forget to turn the firewall rule off.
Thanks. I’m on Ubuntu 18.04 and the second option worked for me.
Thanks
Also adding CASignatureAlgorithms +ssh-rsa to the end fixed it for me.
So, add both of these to the end?
TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub
CASignatureAlgorithms +ssh-rsa
Yes that fixed it for me.
The TrustedUserCAKeys entry was already there so I just needed to add the second line.
Awesome and thanks – I modified the post.