Home » Categories » Common Errors & Troubleshooting

Error: User modify failed. Cannot modify user on other node: Authentication by SSH key failed!

Article ID: 255 | Rating: Unrated | Last Updated: Fri, Dec 11, 2020 at 12:11 PM

Error: User modify failed. Cannot modify user on other node: Authentication by SSH key failed!

 

Check the following on slave/secondary node

 

1. The error ’User modify failed Cannot modify user on other node: Authentication by ssh key failed’ would occur when the ezeelogin installed node has its public key missing in /root/.ssh/authorized_keys. To add the key, execute the following command 

cat /usr/local/etc/ezlogin/id_clkey.pub >> /root/.ssh/authorized_keys

 

Check if the key is back in the file.

cat /root/.ssh/authorized_keys

 

2. Also, make sure that the port sshd is listening on the servers is given as the gateway port in Settings->General->Miscellaneous->Gateway SSH port

3. Also, make sure PubkeyAuthentication is set to ’YES’ in you sshd_config (sshd configuration) file. In Centos/RHEL/Fedora it would be

vi /etc/ssh/sshd_config

#set PubkeyAuthentication to yes

PubkeyAuthentication yes

service sshd restart

 

3. Also, make sure root login is permitted on the gateway server.

 

You can check this by doing

ssh root@localhost

and it should log you in else edit /etc/ssh/sshd_config and set  PermitRootLogin yes 

vi /etc/ssh/sshd_config

#Add the following lines to the end of  /etc/ssh/sshd_config to allow root login from localhost only

 Match Address 127.0.0.1

 PermitRootLogin yes

 service sshd restart

 and make sure you are able to authenticate with the the command 

ssh root@localhost

Make sure you are able to login after entering the password.

If you have enabled Allow Or Deny SSH Access To A Particular User Or Group in sshd.conf, make sure that the user root is allowed

  4. Also, make sure that the webuser(apache,nobody.etc) that the webserver(apache/nginx) runs as is able to read the keys in the dir /usr/local/etc/ezlogin.

  Make sure to grant the read privileges to

chmod o r /usr/local/etc/ezlogin/id_clkey
chmod o r /usr/local/etc/ezlogin/id_clkey.pub
or
usermod -G <current_groupname_of_id_clkey_files> <webserver_user>

5. Check the log file /var/log/secure

       tail  /var/log/secure

 

 

6. Reset Ezeelogin keys used for privilege escalation

 

     Reset Ezeelogin Authorization Keys

 

 

 

 

 
Posted by: - Thu, Mar 7, 2019 at 4:45 AM. This article has been viewed 1270 times.
Filed Under: Common Errors & Troubleshooting
0 (0)
Article Rating (No Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    502 on login with nginx
    Viewed 4901 times since Wed, Jun 14, 2017
    Error: Server login failed. Authentication by SSH key failed!. Remote Error: (1) if: Expression Syntax..
    Viewed 3163 times since Thu, Jun 15, 2017
    unable to ssh because ip not allowed because none of user’s groups are listed in AllowGroups
    Viewed 11751 times since Thu, Jun 15, 2017
    Unknown cipher in list: TLSv1 SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
    Viewed 7049 times since Thu, Feb 15, 2018
    setup web ssh console in ezeelogin and ssh via browser
    Viewed 12413 times since Tue, Jan 30, 2018
    Blank page in GUI and an error in SSH/backed shell ’ license expired!’
    Viewed 2527 times since Wed, Aug 16, 2017
    key_read: uudecode ssh user cant login with ssh key
    Viewed 6872 times since Thu, Jun 15, 2017
    Could not download binary package. Please manually download it from downloads.ezeelogin.com
    Viewed 864 times since Thu, Apr 4, 2019
    "Blank page" error in webssh console
    Viewed 1940 times since Tue, Jan 30, 2018
    Getting "Could not load configuration" or 500 error on login page
    Viewed 3641 times since Wed, Jun 14, 2017