Browser-based ssh not working after Debian9 upgrade to Debian10

0

Instance OS : Debian9.5

Problems:

  • Cannot using lightsail Browser-based ssh , whereas remote ssh fine.
  • When I click connect using SSH button in my instance web-page, it
    show message as follow:

Log in failed. If this instance has just started up, try again in a minute or two.
CLIENT_UNAUTHORIZED 769

What I did before this problem :

  • using remote ssh to connect instance,
  • using 'apt' tools to upgrade system from Debian9.5 to Debian10

(upgrade according to https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html)

What should I do to let Browser-based ssh recover.
thanks

Edited by: chenlola on Jul 24, 2019 12:28 PM

asked 5 years ago235 views
6 Answers
0

Did you snapshot the instance before the upgrade? If so, I would suggest you revert to your snapshot and try the upgrade again.

It sounds like the SSH service isn't active. That may be due to the upgrade or some problem during the upgrade.

profile picture
David G
answered 5 years ago
0

Browser-based SSH won't work if your instance's system clock drifted too much from correct time.
Please check if that's indeed the case.

Did Debian upgrade modify your /etc/ssh/sshd_config file? Because that may be another reason why browser-based SSH stopped working.

Does your /etc/ssh/sshd_config file still contain the following line?

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

Does /etc/ssh/lightsail_instance_ca.pub still exist?

When your Lightsail instance was launched for the first time it ran the setup script that prepared it for browser-based SSH and more. You can see the contents of that script by using your favorite SSH client and doing this:

curl -s http://169.254.169.254/latest/user-data

If the setup related to /etc/ssh/lightsail_instance_ca.pub file was lost during upgrade, you may be able to recover browser-based SSH by repeating the steps in that script that pertain to /etc/ssh/lightsail_instance_ca.pub.

Thank you for using Lightsail.

Edited by: Pavel@AWS on Jul 30, 2019 12:36 PM

AWS
MODERATOR
answered 5 years ago
0

Thanks for Pavel@AWS and David G reply.

Finally ,add this line in /etc/ssh/sshd_config file , completely fixed my instance problem.
(Do not forget restart ssh service.)

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

Edited by: chenlola on Sep 7, 2019 9:42 AM

answered 5 years ago
0

I am having this issue when when I copy a snapshot from a US region to Australia region and start a new instance with this snapshot.
/etc/ssh/sshd_config still has the same line "TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub" as the snapshot in US region.
And the content of /etc/ssh/lightsail_instance_ca.pub is the same, but the web ssh client does not work. I guess the Australia region uses a different private to connect. What is the solution if it is? Thanks

PX
answered 4 years ago
0

It's possible that this is due to the timezone difference. This thread may provide some insight: https://forums.aws.amazon.com/thread.jspa?messageID=812946

AWS
Alex
answered 4 years ago
0

Besides adding the public key in /etc/ssh/sshd_config file as mentioned above, try also adding the second line "CASignatureAlgorithms +ssh-rsa". It worked for me.

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub
CASignatureAlgorithms +ssh-rsa

MrCT
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions