Wednesday, January 12, 2022

AWS Lightsail Login failed. CLIENT_UNAUTHORIZED [769]

Misconfiguration of the Lightsail system key /etc/ssh/lightsail_instance_ca.pub

Lightsail uses the system key /etc/ssh/lightsail_instance_ca.pub to activate browser-based SSH access. If this file is missing, then SSH authentication fails and you receive the CLIENT_UNAUTHORIZED [769] error. The same error occurs when the Lightsail system key isn't specified in the TrustedUserCAKeys parameter in the SSH configuration file /etc/ssh/sshd_config.

If the SSH connection to the instance through the terminal or PuTTY application works, then log in to the instance and confirm that the /etc/ssh/sshd_config file exists and that it contains the ssh-rsa key.

If the file is missing, then recreate the file using the following steps:

1.    Run the following command and confirm that you get the ssh-rsa key in the command output:

sudo cat /var/lib/cloud/instance/user-data.txt | grep ^ssh-rsa

2.    If the command returns the ssh-rsa key in the output, then run the following commands to copy it to /etc/ssh/lightsail_instance_ca.pub:

sudo sh -c "cat /var/lib/cloud/instance/user-data.txt | grep ^ssh-rsa > /etc/ssh/lightsail_instance_ca.pub"
sudo sh -c "echo >> /etc/ssh/sshd_config"
sudo sh -c "echo 'TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub' >> /etc/ssh/sshd_config"
sudo systemctl restart sshd

3.    If you don't get an ssh-rsa key from step 1, or if you can't SSH to the instance using the terminal or PuTTY application, then create a manual snapshot of the instance and launch a new instance with that snapshot. The Lightsail system key is added to the server automatically at instance launch.
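
The two conditions described above (the key file is present, and it is named in TrustedUserCAKeys) can be checked read-only before or after step 2. This is an added example, not part of the AWS article; the function name check_lightsail_ca and its return codes are hypothetical. It also covers cases the append in step 2 can hit: an earlier TrustedUserCAKeys line, or a Match block at the end of sshd_config.

```shell
#!/bin/sh
# Added example: read-only check, changes nothing on the host.
# Paths are parameters so the check can be tried on copies of the files.
# On a live host the authoritative view of the effective setting is:
#   sudo sshd -T | grep -i trustedusercakeys
# Usage: check_lightsail_ca [sshd_config] [ca_pub_file]

check_lightsail_ca() {
    cfg=${1:-/etc/ssh/sshd_config}
    ca=${2:-/etc/ssh/lightsail_instance_ca.pub}

    # 1. The CA file must exist and hold an ssh-rsa public key line.
    if [ ! -s "$ca" ] || ! grep -q '^ssh-rsa ' "$ca"; then
        echo "FAIL: $ca is missing or has no ssh-rsa key"
        return 1
    fi

    # 2. Anyone who can write this file can add a CA that sshd will trust
    #    for logins, so it must not be group- or world-writable.
    case "$(ls -ld "$ca" | cut -c1-10)" in
        ?????w????|????????w?)
            echo "FAIL: $ca is group- or world-writable"
            return 2 ;;
    esac

    # 3. sshd uses the first value it obtains for a keyword, and a line that
    #    follows a Match block applies only inside that block. So read the
    #    first uncommented TrustedUserCAKeys in the global section only.
    #    (Include files are not followed here; sshd -T resolves them.)
    first=$(awk 'tolower($1) == "match" { exit }
                 tolower($1) == "trustedusercakeys" { print $2; exit }' "$cfg")
    if [ "$first" != "$ca" ]; then
        echo "FAIL: global TrustedUserCAKeys is '${first:-unset}', expected $ca"
        return 3
    fi

    echo "OK: $ca is trusted by $cfg"
    return 0
}
```

A return code of 3 after running step 2 means the appended line is not the one sshd uses globally; move it above any Match block and remove the conflicting earlier entry, then restart sshd.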


Resolve Lightsail browser-based SSH console errors (amazon.com)