Unable to ssh to slave node

I have two UTM VMs running as a high-availability pair.  I need to check something on the slave/standby node, so I'm attempting to SSH to it by means of the ha_utils ssh command from the master/active node.  I'm SSH'd in to the master as root using an ssh key, but when I try to connect to the slave I get Permission Denied.

<M> astaro:/root # ha_daemon -c status
Current mode: HA MASTER with id 1 in state ACTIVE
-- Nodes -----------------------------------------------------------------------
MASTER: 1 esxi3 198.19.250.1 9.705003 ACTIVE since Mon May 10 10:26:56 2021
SLAVE: 2 esxi55 198.19.250.2 9.705003 ACTIVE since Mon May 10 10:31:57 2021
-- Load ------------------------------------------------------------------------
Node  1: [1m] 0.00  [5m] 0.01  [15m] 0.05
Node  2: [1m] 0.01  [5m] 0.02  [15m] 0.05
<M> astaro:/root # ha_utils ssh

Connecting to slave 198.19.250.2
loginuser@198.19.250.2's password:
Permission denied, please try again.
loginuser@198.19.250.2's password:

<M> astaro:/root #

I know I'm using the correct password for loginuser - I've even changed it via the web UI to be sure I wasn't misremembering, but to no avail.

Any thoughts or suggestions welcomed.  Thanks!



  • Well I found the cause of the problem, but not sure how best to resolve it.  Apparently it's because I have OTP authentication enabled for myself and the SuperAdmins group, and I guess Loginuser must be included in that group even though it's not visible in the UI. 

    2021:05:21-11:45:18 astaro-1 aua[3871]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
    2021:05:21-11:45:18 astaro-1 aua[2530]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
    2021:05:21-11:45:18 astaro-1 aua[2530]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" host="xxxxxxxx" user="loginuser" caller="sshd" reason="DENIED"

    I tried to log in to the user portal as loginuser, but was unable, so I'm not sure how I can obtain an OTP for that account.  I can work around it by disabling OTP for shell access, but I would rather not, so I'm open to other suggestions.  

  • Circling back to this after a couple of weeks.  Does anyone have any suggestions for a way around the inability to set an OTP for loginuser?
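
The following is an added example, not part of the original thread or of Sophos tooling: a small parser for the `aua` log format quoted above that separates SSH denials caused by OTP verification from other denials. The function names are hypothetical, and matching the OTP message to the denial by shared `aua` pid is an assumption drawn from the posted lines, where both carry `aua[2530]`.

```python
import re

# Header: timestamp, node, process[pid]; then key="value" pairs,
# matching the aua lines quoted in the thread.
HEADER = re.compile(r'^(?P<ts>\S+)\s+(?P<node>\S+)\s+(?P<proc>\w+)\[(?P<pid>\d+)\]:\s+(?P<rest>.*)$')
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Parse one log line into a dict, or return None if it has no such header."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update(PAIR.findall(rec.pop("rest")))
    return rec

def classify_denials(lines):
    """List each 'Authentication failed' event and whether the same aua
    pid logged an OTP verification failure before it (assumed correlation)."""
    otp_failed = set()
    events = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["proc"] != "aua":
            continue
        name = rec.get("name", "")
        if name.startswith("OTP verification did not succeed"):
            otp_failed.add(rec["pid"])
        elif name == "Authentication failed":
            events.append({"ts": rec["ts"], "user": rec.get("user"),
                           "caller": rec.get("caller"),
                           "otp_failure": rec["pid"] in otp_failed})
            otp_failed.discard(rec["pid"])
    return events

# First three lines are from the thread; the last is constructed to show
# a denial with no preceding OTP message (for example a wrong password).
SAMPLE = [
    '2021:05:21-11:45:18 astaro-1 aua[3871]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"',
    '2021:05:21-11:45:18 astaro-1 aua[2530]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."',
    '2021:05:21-11:45:18 astaro-1 aua[2530]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" host="xxxxxxxx" user="loginuser" caller="sshd" reason="DENIED"',
    '2021:05:21-11:50:02 astaro-1 aua[2611]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" host="xxxxxxxx" user="loginuser" caller="sshd" reason="DENIED"',
]

if __name__ == "__main__":
    for event in classify_denials(SAMPLE):
        print(event)
```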