Error: User modify failed. Cannot modify user on other node: Authentication by SSH key failed!
Error: failed to modify user on other node. SSH key authentication to remote node failed
Overview: This article addresses the error: "failed to modify user on other node. SSH key authentication to remote node failed," providing troubleshooting steps for missing public keys, SSH port settings, sshd_config configurations, and more.
Check the following on the slave/secondary node
Step 1. The error ’User modify failed Cannot modify user on other node: Authentication by ssh key failed’ would occur when the Ezeelogin installed node has its public key missing in /root/.ssh/authorized_keys. To add the key, execute the following command
Check if the key is back in the file.
Step 2. Also, make sure that the port sshd is listening on the servers is given as the gateway port in Settings-> General-> Miscellaneous-> Gateway SSH port
Step 3. Also, make sure PubkeyAuthentication is set to ’YES’ in your sshd_config (sshd configuration) file. In Centos/RHEL/Fedora it would be
Also, run the following command to check if you have enabled the recommended sshd settings in /etc/ssh/sshd_config
root@gateway:~# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedalgorithms\|Port'
port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
gatewayports no
allowtcpforwarding yes
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sh
Step 4. Make sure root login is permitted on the gateway server. You can check it by using the following command:
And it should log you in; otherwise, edit /etc/ssh/sshd_config and set PermitRootLogin yes.
After, try to authenticate with the command. Make sure you are able to login after entering the password.
ssh root@localhost
Step 5. Also, make sure that the web user(apache, nobody, etc) that the webserver(apache/nginx) runs as is able to read the keys in the dir /usr/local/etc/ezlogin. Make sure to grant the read privileges to
chmod o r /usr/local/etc/ezlogin/id_clkey
chmod o r /usr/local/etc/ezlogin/id_clkey.pub
OR
usermod -G <current_groupname_of_id_clkey_files> <webserver_user>
Step 6. Find out which key type is used by the server by running the below command.
Open /etc/ssh/sshd_config file and append below line to enable RSA key type.
Step 7. Check the log file /var/log/secure
if you get this error in log file "userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms" refer the following article: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms.
Step 8. Reset Ezeelogin cluster keys
Note:
If you have enabled Allow Or Deny SSH Access To A Particular User Or Group in sshd.conf, make sure that the user root is allowed
Step 9: Check if the LoginGraceTime parameter is enabled and set to a safe value.
Related Articles:
Error: User modify failed. Cannot modify user on other node: usermod: user luca does not exist.
Error: User modify failed. Cannot modify user on this node: Authentication by SSH key failed!