- Newest
- Most votes
- Most comments
Hello,
I understand that you are unable to access the ubuntu instance after upgrade to 22.04 via putty or wincp.
I was able to replicate the exact issue on my test environment and was getting below error.
No support authentication methods available (server sent: publickey)
Further I did some research on this issue with 22.04 version of ubuntu and found that “ssh-rsa” is now disabled by default in latest version of SSH(OpenSSH_8.9p1) which is installed on the latest Ubuntu versions. You can see the bug 1961833 to learn how to selectively re-enable it if necessary.
[+]https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1961833
According to the above link you can add below lines in /etc/ssh/sshd_config file and restart SSH service, which will enable RSA/SHA1 for host:-
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Please see the snippet for reference:
grep -i ssh-rsa /etc/ssh/sshd_config
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Note : You could update the SSH configuration with above details just before performing reboot after upgrade from 20.04 to 22.04, to avoid connection issue.
Alternatively you can connect to your instances using the sessions manager service to make above changes as the “EC2 instance connect” option is also impacted due to this issue and you will not be able to connect to Ubuntu 22.04 version instance using “EC2 instance connect”. To connect to Ec2 instance using Sessions manager you can follow steps in below link:
[+]. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html
[+]. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/session-manager.html
By default SSM agent should be running on the instance, so next step to use SSM is to attach SSM role to the instance. First of all you need to attach AmazonSSMManagedInstanceCore policy to the instance so that Systems Manager can access the instance.
[1] Let's navigate to IAM service and create a role.
[2] Choose the service as EC2
[3] You need to attach ‘AmazonSSMManagedInstanceCore’ policy to the role.
[4] Give a name to the role and finally create the role.
[5] Then you need to attach the role to your instance, by right click on the instance >> select security >> Modify IAM role >> select newly created role >> click update IAM role
[6]Click on the instance and then click connect >> select session manager >> click connect
Note : If the connect option is not present after attaching the above IAM role, please wait for 5-10 minutes and also try rebooting the server
Hope this helps. Please do let me know if you have any further queries or concerns. Have a great day ahead!!
OpenSSH introduced a change in version 8.9p1 related to the MaxStartups configuration item. In previous versions, MaxStartups allowed larger values (such as 4096), but in the new version, due to the switch to using the ppoll(2) system call, the maximum value of MaxStartups is limited to 1023. This is a change in OpenSSH to accommodate the new ppoll(2) behavior. Since this change may affect old configurations, it is recommended to ensure that the MaxStartups configuration item in your sshd_config file does not exceed 1023. If a larger value is set in your configuration, it should be modified to 1023 or smaller to ensure OpenSSH operates properly. You mentioned some suggestions for possible improvements, such as updating documentation, sshd -t showing errors when checking configuration, or automatically limiting MaxStartups to 1023. These suggestions can be submitted to the OpenSSH community to help improve the software's user experience and documentation accuracy. In summary, make sure your MaxStartups configuration does not exceed 1023 and adhere to OpenSSH's new behavior rules to ensure that your SSH server operates properly. If you set a larger value previously, make sure to change it accordingly in the new version.
Relevant content
- asked 7 months ago
- asked 7 months ago
- asked 8 months ago
AWS OFFICIALUpdated 8 months ago- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 3 days ago
- AWS OFFICIALUpdated 3 months ago
