ONTAP Recipes: Easily configure SSH Multifactor authentication for administrator accounts (MFA)

ONTAP Recipes: Did you know you can…?


Easily configure SSH multifactor authentication for administrator accounts (MFA) in ONTAP 9.3


In ONTAP 9.3, you can require that administrators log in to an admin or data SVM with both an SSH public key and a user password.


1. Enable SSH MFA for a local user account:

cluster-1::> security login create -vserver engData1 -user-or-group-name admin2 -application ssh -authentication-method publickey -role admin -second-authentication-method password


Please enter a password for user 'admin2':

Please enter it again:

Warning: To use public-key authentication, you must create a public key for user "admin2"


2. Create a public key for the administrator:


cluster1::> security login publickey create -vserver engData1 -username admin2 -index 5 -publickey "ssh-rsa AAB3NzaC1yc2EAAAABIwAAAIEAspH64CYbUsDQCdW22JnK6J/vU9upn
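
Public key is the first factor for admin2, so a damaged or cut-short key string in step 2 leaves the account without a usable first factor. The following is an added example, not part of the original recipe or of NetApp's tooling: a Python check of the OpenSSH one-line public key format to run on a workstation before pasting the key into -publickey. The function names and the sample key are assumptions made here; the sample is constructed filler, not a real key.

```python
import base64
import struct

def _field(data):
    # SSH wire format: uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def constructed_rsa_line():
    """Constructed sample, NOT a real key: well-formed ssh-rsa layout with filler n."""
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + b"\xc3" * 128)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " admin2@example"

def read_fields(blob):
    """Split a key blob into its length-prefixed fields, rejecting short data."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob (key cut short?)")
        fields.append(blob[off:off + n])
        off += n
    return fields

def check_publickey(line):
    """Return (ok, reason) for a one-line OpenSSH public key."""
    parts = line.strip().strip('"').split()
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, b64 = parts[0], parts[1]
    try:
        # binascii.Error is a ValueError subclass, so one except covers both
        fields = read_fields(base64.b64decode(b64, validate=True))
    except ValueError as exc:
        return False, "bad key body: %s" % exc
    if not fields or fields[0] != key_type.encode():
        return False, "type inside blob does not match the prefix"
    if key_type == "ssh-rsa" and len(fields) != 3:
        return False, "ssh-rsa blob must hold exactly type, e, n"
    return True, "ok"

if __name__ == "__main__":
    print(check_publickey(constructed_rsa_line()))
    # The key string as printed in step 2 of this page (cut short there)
    print(check_publickey("ssh-rsa AAB3NzaC1yc2EAAAABIwAAAIEAspH64CYbUsDQCdW22JnK6J/vU9upn"))
```

The check covers only the structure of the key line; it does not prove that the administrator holds the matching private key.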





For more details on SSH MFA, see “Enabling SSH Multifactor Authentication” in the Administrator Authentication and RBAC Power Guide.