User modify failed Cannot modify user on this node: Authentication by ssh key failed

1. The error 'User modify failed Cannot modify user on this node: Authentication by ssh key failed' would occur when the ezeelogin installed node has its public key missing in /root/.ssh/authorized_keys. To add the key, execute the following command

cat /usr/local/etc/ezlogin/id_clkey.pub >> /root/.ssh/authorized_keys

Check if the key is back in the file.

cat /root/.ssh/authorized_keys

2. Also, make sure that the port sshd is listening on the servers is given as the gateway port in Settings->General->Miscellaneous->Gateway SSH port

3. Also, make sure PubkeyAuthentication is set to 'YES' in you sshd_config (sshd configuration) file. In Centos/RHEL/Fedora it would be

vi /etc/ssh/sshd_config

#set PubkeyAuthentication to yes

PubkeyAuthentication yes

service sshd restart

3. Also, make sure root login is permitted on the gateway server.

You can check this by doing

ssh root@localhost

and it should log you in else edit /etc/ssh/sshd_config and set  PermitRootLogin yes

vi /etc/ssh/sshd_config

#Add the following lines to the end of  /etc/ssh/sshd_config to allow root login from localhost only

 Match Address 127.0.0.1

 PermitRootLogin yes

 service sshd restart

and make sure you are able to authenticate with the the command
ssh root@localhost
Make sure you are able to login after entering the password.
4. Also, make sure that the webuser(apache,nobody.etc) that the webserver(apache/nginx) runs as is able to read the keys in the dir /usr/local/etc/ezlogin.
  Make sure to grant the read privileges to

chmod o+r /usr/local/etc/ezlogin/id_clkey
chmod o+r /usr/local/etc/ezlogin/id_clkey.pub
or
usermod -G <current_groupname_of_id_clkey_files> <webserver_user>

5. Check the log file /var/log/secure

       tail  /var/log/secure

 6. Reset Ezeelogin keys used for privilege escalation

     Reset Ezeelogin Authorization Keys

5 (1)
Article Rating (1 Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    Backup Ezeelogin failed during Ezeelogin version upgrade
    Viewed 384 times since Tue, Jul 28, 2020
    usernames already exists
    Viewed 784 times since Fri, Mar 15, 2019
    ezsh segfault or kicked of ezsh ssh session or ssh session crash
    Viewed 2501 times since Thu, Jun 15, 2017
    Unable to add server using putty private key key pair. How to convert PPK file OpenSSH format
    Viewed 5224 times since Thu, Jun 15, 2017
    Cannot login to ezeelogin backend - CageFS-Cloudlinux
    Viewed 2406 times since Wed, Jun 14, 2017
    strange characters in the SSH logs recordings
    Viewed 2709 times since Thu, Jun 15, 2017
    Unknown cipher in list: TLSv1 SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
    Viewed 6915 times since Thu, Feb 15, 2018
    In parallel shell i get "An error occurred. Please contact administrator"
    Viewed 3980 times since Wed, Jun 14, 2017
    Google 2 factor authentication fails randomly
    Viewed 2256 times since Wed, Jun 14, 2017
    Unable to open ssh session
    Viewed 3153 times since Thu, Jun 15, 2017