Subscribe

Invoke-NaSsh not working anymore with DOT 8.2.5 7-mode

Hi all,

 

I upgraded one of our lab systems from ONTAP 8.2.4 to 8.2.5 (7-mode). Since that some of my scripts fail when doing "Invoke-NaSsh" against that system.

 

No idea why, I already regenerated SSH keys but error persists. It used to work with 8.2.4. And it's definitely not a credential issue.

 

PS C:\Users\mark> invoke-nassh -Name ucnlabfiler07 -Command date

invoke-nassh : An established connection was aborted by the software in your host machine.
In Zeile:1 Zeichen:1
+ invoke-nassh -Name ucnlabfiler07 -Command date
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (Smiley Happy [Invoke-NaSsh], SshConnectionException
    + FullyQualifiedErrorId : SshExecFailed,DataONTAP.PowerShell.SDK.Cmdlets.Toolkit.Ssh.InvokeNaSsh

 

Any ideas? Does ONTAP reject the client's key length? How can I make it work again?

 

Cheers,

Mark

Re: Invoke-NaSsh not working anymore with DOT 8.2.5 7-mode

How did you connect to the 7mode controller.  Invoke-nassh only supports via http/https, not rpc

Re: Invoke-NaSsh not working anymore with DOT 8.2.5 7-mode

I connect using credentials that were stored using Add-NaCredential before the ONTAP update. It worked before when ONTAP was 8.2.4.

 

PS C:\Users\mark> connect-nacontroller -name ucnlabfiler07 -HTTPS

Name                 Address           Ontapi   Version
----                 -------           ------   -------
ucnlabfiler07        10.230.1.7        1.21     NetApp Release 8.2.5 7-Mode: Wed Jul 19 03:55:53 PDT 2017


PS C:\Users\mark> invoke-nassh -Name ucnlabfiler07 -Command date
invoke-nassh : An established connection was aborted by the software in your host machine.
In Zeile:1 Zeichen:1
+ invoke-nassh -Name ucnlabfiler07 -Command date
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (Smiley Happy [Invoke-NaSsh], SshConnectionException
    + FullyQualifiedErrorId : SshExecFailed,DataONTAP.PowerShell.SDK.Cmdlets.Toolkit.Ssh.InvokeNaSsh

 

As you see the connection to ONTAPI works, but gets teared down when using SSH with the PSTK.

PuTTy works. OpenSSH clients work. Invoke-NaSSh does not longer work. But works with other systems including cDOT (or even third-party SSH servers), even when not connected to a NaController.

 

Toolkit version is 4.4.0. Can anyone check if invoke-nassh works with DOT 8.2.5?

 

Any hints? I suspect some new security related "feature" of ONTAP's sshd that blocks the connection request. Does anyone know what SSH client (wrapper) is embedded in the PSTK?