Skip to Content

Error: User modify failed. Cannot modify user on other node: Authentication by SSH key failed!

Error: failed to modify user on other node. SSH key authentication to remote node failed


Overview: This article addresses the error: "failed to modify user on other node. SSH key authentication to remote node failed," providing troubleshooting steps for missing public keys, SSH port settings, sshd_config configurations, and more.



Check the following on the slave/secondary node

Step 1. The error ’User modify failed Cannot modify user on other node: Authentication by ssh key failed’ would occur when the Ezeelogin installed node has its public key missing in /root/.ssh/authorized_keys. To add the key, execute the following command 

root@gateway:~# cat /usr/local/etc/ezlogin/id_clkey.pub >> /root/.ssh/authorized_keys

      Check if the key is back in the file.

 root@gateway:~# cat /root/.ssh/authorized_keys

Step 2. Also, make sure that the port sshd is listening on the servers is given as the gateway port in Settings-> General-> Miscellaneous-> Gateway SSH port

Step 3. Also, make sure PubkeyAuthentication is set to ’YES’ in your sshd_config (sshd configuration) file. In Centos/RHEL/Fedora it would be

root@gateway:~# vi /etc/ssh/sshd_config

#set PubkeyAuthentication to yes

PubkeyAuthentication yes

root@gateway ~]# service sshd restart

Also,  run the following command to check if you have enabled the recommended sshd settings in /etc/ssh/sshd_config

root@gateway:~# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedalgorithms\|Port'

port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
gatewayports no
allowtcpforwarding yes
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sh

Step 4. Make sure root login is permitted on the gateway server. You can check it by using the following command:

ssh root@localhost 

And it should log you in; otherwise, edit /etc/ssh/sshd_config and set PermitRootLogin yes.

root@gateway:~# vi /etc/ssh/sshd_config

#Add the following lines to the end of  /etc/ssh/sshd_config to allow root login from localhost only

Match Address 127.0.0.1

PermitRootLogin yes

PubkeyAuthentication yes

#Replace MASTER_NODE_IP with your master node Ezeelogin IP ADDRESS

Match Address MASTER_NODE_IP

PermitRootLogin yes

PubkeyAuthentication yes

 

root@gateway:~# service sshd restart

After, try  to authenticate with the command.  Make sure you are able to login after entering the password.

ssh root@localhost

Step 5.  Also, make sure that the web user(apache, nobody, etc) that the webserver(apache/nginx) runs as is able to read the keys in the dir /usr/local/etc/ezlogin.  Make sure to grant the read privileges to

chmod o r /usr/local/etc/ezlogin/id_clkey
chmod o r /usr/local/etc/ezlogin/id_clkey.pub
                          OR
usermod -G <current_groupname_of_id_clkey_files> <webserver_user>

Step 6. Find out which key type is used by the server by running the below command.

root@gateway:~# ssh-keygen -l -f /usr/local/etc/ezlogin/id_key.pub

4096 SHA256:n4lmX53/gwkKB4+nSQ30hZXxXK+DRG1LPc7N1KN/1Ag ezlogin (RSA)

 Open /etc/ssh/sshd_config file and append below line to enable RSA key type.

root@gateway:~# vim /etc/ssh/sshd_config

PubkeyAcceptedKeyTypes +ssh-rsa

root@gateway:~# systemctl restart sshd

Step 7. Check the log file /var/log/secure

root@gateway:~#  tail -f /var/log/secure

 if you get this error in log file "userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms" refer the following article: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms.

Step 8. Reset Ezeelogin cluster keys

Note: 

If you have enabled Allow Or Deny SSH Access To A Particular User Or Group in sshd.conf, make sure that the user root is allowed


Related Articles:

Error: User modify failed. Cannot modify user on other node: usermod: user luca does not exist.

Error: User modify failed. Cannot modify user on this node: Authentication by SSH key failed!

error: User modify failed Cannot modify user on this node: OS=FreeBSD: Command not found. OS: Undefined