
ONTAP Recipes: Easily configure SSH Multifactor authentication for administrator accounts (MFA)

ONTAP Recipes: Did you know you can…?

 

Easily configure SSH multifactor authentication for administrator accounts (MFA) in ONTAP 9.3

 

In ONTAP 9.3, you can require that administrators log in to an admin or data SVM with both an SSH public key and a user password.

 

  1. Enable SSH MFA for a local user account:

cluster-1::> security login create -vserver engData1 -user-or-group-name admin2 -application ssh -authentication-method publickey -role admin -second-authentication-method password

 

Please enter a password for user 'admin2':

Please enter it again:

Warning: To use public-key authentication, you must create a public key for user "admin2"

 

 2. Create a public key for the administrator:

 

cluster1::> security login publickey create -vserver engData1 -username admin2 -index 5 -publickey "ssh-rsa AAB3NzaC1yc2EAAAABIwAAAIEAspH64CYbUsDQCdW22JnK6J/vU9upnKzd2zAk9C1f7YaWRUAFNs2Qe5lUmQ3ldi8AD0Vfbr5T6HZPCixNAIzaFciDy7hgnmdj9eNGedGr/JNrftQbLD1hZybX+72DpQB0tYWBhe6eDJ1oPLobZBGfMlPXh8VjeU44i7W4+s0hG0E=tsmith@publickey.example.com"
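A key line that was wrapped or clipped while being copied into -publickey leaves the account with a key that can never match. The following is an added example, not NetApp code: it checks an OpenSSH public key line before building the step 2 command. The helper names, the constructed sample key and the 2048-bit RSA floor are assumptions of this example.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: local policy floor, not an ONTAP setting

def _pack(b):
    return struct.pack(">I", len(b)) + b

def _read(buf, off):
    """Read one length-prefixed field (RFC 4253 string/mpint)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def check_pubkey(line):
    """Return (type, rsa_bits_or_None, comment) or raise ValueError."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or '"' in line:
        raise ValueError("expected: <type> <base64> [comment], no quotes")
    ktype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    inner, off = _read(blob, 0)
    if inner != ktype.encode():
        raise ValueError("type label does not match the key blob")
    bits = None
    if ktype == "ssh-rsa":
        _e, off = _read(blob, off)   # public exponent
        n, off = _read(blob, off)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA modulus is {bits} bits (< {MIN_RSA_BITS})")
    return ktype, bits, comment

def ontap_command(vserver, user, index, line):
    """Build the step 2 command only if the key line validates."""
    check_pubkey(line)
    return (f"security login publickey create -vserver {vserver} "
            f'-username {user} -index {index} -publickey "{line.strip()}"')

def sample_rsa_line(bits, comment="admin2@example.com"):
    """Constructed sample: well-formed blob, not a usable key pair."""
    n = (1 << (bits - 1)) | 1
    blob = (_pack(b"ssh-rsa") + _pack(b"\x01\x00\x01")
            + _pack(b"\x00" + n.to_bytes(bits // 8, "big")))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    print(ontap_command("engData1", "admin2", 5, sample_rsa_line(2048)))
```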

 

 

For more details on SSH MFA, see “Enabling SSH Multifactor Authentication” in the Administrator Authentication and RBAC Power Guide.