How to fix AWS Lightsail CLIENT_UNAUTHORIZED [769]

Published on Author JF9 Comments
amazon lighstail

There are two main reasons why you might get “Log in failed. If this instance has just started up, try again in a minute or two. CLIENT_UNAUTHORIZED [769]” in Amazon Lightsail browser based SSH login.

You will need SSH login from Putty, etc.

If you cannot remote in using SSH then you cannot fix this. This is only for using the Lightsail browser based SSH.

If you can’t use remote SSH, look at your instance firewall settings and make sure you’re IP is allowed.

Your machine’s clock is wrong

Check time with https://time.is/UTC (AWS is in UTC time)
sudo date -u

If there’s a mismatch for Ubuntu 18.x try:
sudo timedatectl set-ntp off
sudo timedatectl set-ntp on

Or this:
sudo dpkg-reconfigure tzdata

You are missing the AWS CA cert from /etc/ssh/sshd_config

Edit /etc/ssh/sshd_config

sudo nano /etc/ssh/sshd_config

Scroll to the bottom and add this, then restart SSH:

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

You may also need to this in addition to the above:

CASignatureAlgorithms +ssh-rsa

Then:

sudo service ssh restart

Now login through the LightSail browser based SSH.

9 Responses to How to fix AWS Lightsail CLIENT_UNAUTHORIZED [769]

    • Not sure what you are asking.

      This post is about not being able to use the LightSail browser based SSH terminal and fixing it with a direct SSH connection.

      • The error “CLIENT_UNAUTHORIZED” only appears when attempting to use the SSH web client while logged into LightSail.

        In this situation, you can still SSH directly into the machine.

        If you cannot access your machine via SSH then you need to solve for that.

        I would assume that you need to allow SSH through the instance firewall. Go to the instance, select Networking, then add a rule to the firewall to allow SSH. You can limit it to all IPs or a single IP.

        Once you’re done, don’t forget to turn the firewall rule off.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.