How to fix AWS Lightsail CLIENT_UNAUTHORIZED [769]

Published on Author JFLeave a comment
amazon lighstail

There are two main reasons why you might get “Log in failed. If this instance has just started up, try again in a minute or two. CLIENT_UNAUTHORIZED [769]” in Amazon Lightsail browser based SSH login.

You will need SSH login from Putty, etc.

Your machine’s clock is wrong

Check time with https://time.is/UTC (AWS is in UTC time)
sudo date -u

If there’s a mismatch for Ubuntu 18.x try:
sudo timedatectl set-ntp off
sudo timedatectl set-ntp on

Or this:
sudo dpkg-reconfigure tzdata

You are missing the AWS CA cert from /etc/ssh/sshd_config

Edit /etc/ssh/sshd_config

sudo nano /etc/ssh/sshd_config

Scroll to the bottom and add this, then restart SSH:

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

sudo service ssh restart

Now login through the LightSail browser based SSH.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.