Locked out of lightsail instance after add rules for SSH

0

Hi, I am using Ubuntu 20.04 Lightsail and I can't access my server du to misconfiguration. I just wanted to allaw user to access only /home/username but i messed up the config. I can't ssh the server becaus when I try I am getting the

Unable to load key The SSH connection could not be established because of a mis-configured SSH key. Use a third-party SSH client such as PuTTy to connect to your instance and update your SSH key.

CLIENT_UNAUTHORIZED [769] When I connect with terminal am getting Connection closed by 3.122.173.15 port 22

I have tried the steps in the following link https://repost.aws/questions/QUMEr1u0z1QsCa9k_9Tdy0mg/locked-out-from-my-server-due-to-misconfiguration-in-ssh but can't help me.

Any help please.

asked 2 months ago446 views
1 Answer
3
Accepted Answer

Hello.

What part specifically did you not do well?
As I mentioned in the answer to that URL, if important data is not in the instance, it is easier to recreate it.

Or how about setting a launch script to return the SSH configuration file to its original settings when restoring from a snapshot?
https://docs.aws.amazon.com/lightsail/latest/userguide/lightsail-how-to-configure-server-additional-data-shell-script.html
https://docs.aws.amazon.com/lightsail/latest/userguide/lightsail-how-to-create-instance-from-snapshot.html

profile picture
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile pictureAWS
EXPERT
iBehr
reviewed 2 months ago
  • If you have identified the problematic settings, you can comment out the settings using something like the "sed" command.

  • I have add the rules to force user to access only home directory like

    /etc/ssh/sshd_config

    Match User username ChrootDirectory /home/jules/jail ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no

    Now I can't login both terminal and browser can't connect

  • I have used the launch script but no luck

    sudo rm /home/jules -r cat <<EOF> /etc/ssh/sshd_config Include /etc/ssh/sshd_config.d/.conf PermitRootLogin yes PasswordAuthentication yes KbdInteractiveAuthentication no UsePAM yes X11Forwarding yes PrintMotd no AcceptEnv LANG LC_ Subsystem sftp /usr/lib/openssh/sftp-server TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub EOF

  • Did you restart sshd after changing the relevant settings as shown below?

    sed -i '/^Match User username$/,/^X11Forwarding no$/ s/^/#/' /etc/ssh/sshd_config
    systemctl restart sshd
    
  • Thanks a lot, I can now connect with a browser but can not connect with the terminal

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions