Browser-based ssh not working after Debian9 upgrade to Debian10

0

Instance OS : Debian9.5

Problems:

  • Cannot using lightsail Browser-based ssh , whereas remote ssh fine.
  • When I click connect using SSH button in my instance web-page, it
    show message as follow:

Log in failed. If this instance has just started up, try again in a minute or two.
CLIENT_UNAUTHORIZED 769

What I did before this problem :

  • using remote ssh to connect instance,
  • using 'apt' tools to upgrade system from Debian9.5 to Debian10

(upgrade according to https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html)

What should I do to let Browser-based ssh recover.
thanks

Edited by: chenlola on Jul 24, 2019 12:28 PM

質問済み 5年前256ビュー
6回答
0

Did you snapshot the instance before the upgrade? If so, I would suggest you revert to your snapshot and try the upgrade again.

It sounds like the SSH service isn't active. That may be due to the upgrade or some problem during the upgrade.

profile picture
David G
回答済み 5年前
0

Browser-based SSH won't work if your instance's system clock drifted too much from correct time.
Please check if that's indeed the case.

Did Debian upgrade modify your /etc/ssh/sshd_config file? Because that may be another reason why browser-based SSH stopped working.

Does your /etc/ssh/sshd_config file still contain the following line?

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

Does /etc/ssh/lightsail_instance_ca.pub still exist?

When your Lightsail instance was launched for the first time it ran the setup script that prepared it for browser-based SSH and more. You can see the contents of that script by using your favorite SSH client and doing this:

curl -s http://169.254.169.254/latest/user-data

If the setup related to /etc/ssh/lightsail_instance_ca.pub file was lost during upgrade, you may be able to recover browser-based SSH by repeating the steps in that script that pertain to /etc/ssh/lightsail_instance_ca.pub.

Thank you for using Lightsail.

Edited by: Pavel@AWS on Jul 30, 2019 12:36 PM

AWS
モデレーター
回答済み 5年前
0

Thanks for Pavel@AWS and David G reply.

Finally ,add this line in /etc/ssh/sshd_config file , completely fixed my instance problem.
(Do not forget restart ssh service.)

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

Edited by: chenlola on Sep 7, 2019 9:42 AM

回答済み 5年前
0

I am having this issue when when I copy a snapshot from a US region to Australia region and start a new instance with this snapshot.
/etc/ssh/sshd_config still has the same line "TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub" as the snapshot in US region.
And the content of /etc/ssh/lightsail_instance_ca.pub is the same, but the web ssh client does not work. I guess the Australia region uses a different private to connect. What is the solution if it is? Thanks

PX
回答済み 4年前
0

It's possible that this is due to the timezone difference. This thread may provide some insight: https://forums.aws.amazon.com/thread.jspa?messageID=812946

AWS
Alex
回答済み 4年前
0

Besides adding the public key in /etc/ssh/sshd_config file as mentioned above, try also adding the second line "CASignatureAlgorithms +ssh-rsa". It worked for me.

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub
CASignatureAlgorithms +ssh-rsa

MrCT
回答済み 3年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ