topic Netapp SSH not working in ONTAP Discussions

Netapp SSH not working

siemensocs — Wed, 04 Jun 2025 11:02:50 GMT

Hello Expert,

we recently installed a client Host SuSE Enterprise Linux 15. We noticed that from this host , we are unable to do ssh onto Netapp Storage. Netapp Ontap Release is 8.1.4P7 7-Mode.

The error says,

>ssh NetappServer
ssh_dispatch_run_fatal: Connection to 192.XXX.XXX.XXX port 22: Invalid key length

> ssh NetappServer -v
OpenSSH_7.9p1, OpenSSL 1.1.0i-fips 14 Aug 2018
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for NetappServer
debug1: /root/.ssh/config line 4: Deprecated option "cipher"
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to NetappServer [192.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa_2048 type 0
debug1: identity file /root/.ssh/id_rsa_2048-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version Data ONTAP SSH 1.0
debug1: no match: Data ONTAP SSH 1.0
debug1: Authenticating to NetappServer:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group1-sha1 need=24 dh_need=20
debug1: kex: diffie-hellman-group1-sha1 need=24 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
ssh_dispatch_run_fatal: Connection to 192.XXX.XXX.XXX port 22: Invalid key length

It says there is mismarch in SSH Keys or so. You guys have faced this problem? Do I have to upgrade netapp ssh version?

Please guide me to positive direction.

Thanks in advance.

Regards,

Admin

Re: Netapp SSH not working

TMACMD — Thu, 02 Jul 2020 14:25:08 GMT

You should re-run

secureadmin ssh setup -f

and use a loner key length (like 2048)

Re: Netapp SSH not working

siemensocs — Thu, 02 Jul 2020 14:29:06 GMT

I didnt get this. Where should I run this? On Ontap itself? What does it actually do?

Re: Netapp SSH not working

TMACMD — Thu, 02 Jul 2020 14:41:58 GMT

Ontap command. Specifically 7-mode which you have.

it recreates the ontap side ssh key to be longer. You probably currently have a 1024 bit key

run the command and create a 2048 bit key

Re: Netapp SSH not working

siemensocs — Fri, 03 Jul 2020 06:52:16 GMT

Aah Ok. But does it mean the other SLES12 or SuSE10 clients would not be able to ssh to Netapp Filer? Only SLES15 will be able to ssh to Filer? Becaue at the moment the other clients can SSH to Netapp Filer without any problems .

Re: Netapp SSH not working

TMACMD — Fri, 03 Jul 2020 12:26:37 GMT

They other Linux boxes should continue to work. The newer hosts likely have harder restrictions for SSH.

what will happen is that the keys will change and you will get a message to that effect the next time you use SSH. You simply need to remove the offending entry in the known_hosts file. Then try again

Re: Netapp SSH not working

siemensocs — Mon, 06 Jul 2020 07:56:35 GMT

Hello,

I did the following but now I am not able to ssh from Any Linux hosts 😞

bwgb198> secureadmin disable ssh
bwgb198> secureadmin setup -f ssh

Please enter the size of host key for ssh1.x protocol [768] :

Please enter the size of server key for ssh1.x protocol [512] :
Please enter the size of host keys for ssh2.0 protocol [768] :

After this I could not ssh from any Linuy hosts. Luckily I still have my first ssh login onto Ontap so I can try few more times before the login times out. Opps thats getting critical now. How should I set the above three values. I tries already few options like 768, 2048 , 2048 but not sure what combination will work for me. Please help.

Re: Netapp SSH not working

Mjizzini — Fri, 10 Jul 2020 06:28:19 GMT

below is what i use to use.

Please enter the size of host key for ssh1.x protocol [2048] : Please enter the size of server key for ssh1.x protocol [1024] : Please enter the size of host keys(rsa key) for ssh2.0 protocol [2048] : Please enter the size of host keys(dsa key) for ssh2.0 protocol [1024] : Please enter the size of host keys(ecdsa key) for ssh2.0 protocol [256] : Please enter the size of host keys(ed25519 key) for ssh2.0 protocol [2048] :