https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46041#M4204 <HTML><HEAD></HEAD><BODY><P>Actually you can do this.&nbsp; I've set it up and use it daily.&nbsp; Send me a message and I'll explain if you are interested.</P></BODY></HTML> Wed, 07 Nov 2012 19:46:14 GMT JERROD_FINN 2012-11-07T19:46:14Z https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46026#M4201 <HTML><HEAD></HEAD><BODY><P>We cannot seem to get this to work with domain users. </P><P></P><P>We are using this KB as a guide to setup passwordless ssh</P><P></P><P><A class="jive-link-external-small" href="https://kb.netapp.com/support/index?page=content&amp;id=1011670" target="_blank">https://kb.netapp.com/support/index?page=content&amp;id=1011670</A></P><P></P><P>It is working for root and local users. </P><P></P><P> For domain users we have tested both naming conventions for folder names in /etc/sshd</P><P>/etc/sshd/username@domainname/.ssh/authenticated_keys</P><P>/etc/sshd/domainname\username/.ssh/authenticated_keys</P><P></P><P>It finds the keys, but ONTAP spits back:</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; User 'lab.demo\administrator' denied access - missing required capability: 'login-ssh'</P><P></P><P>Two separate environments with the same results.&nbsp; Again, we can get local users to work so the keys are good, and with domain users it is finding the keys.</P><P></P><P>I have tried useradmin group modify administrators -r admin,root to give maximum permissions, but still no luck.&nbsp; Just the default role of admin should be sufficient..</P><P></P><P>So getting SSH to work is one thing, but we are really trying to get passwordless SFTP working.&nbsp; Here is the error when we try with a domain user.&nbsp; The Authentication type for SFTP is mixed, we have also tried with NTLM</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; SFTP (SSH File Transfer Protocol) connection request from client system xxx.xxx.xxx.xxx, user lab.demo\administrator failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.</P><P></P><P>Has anyone successfully implemented passwordless SFTP using domain credentials? Is this even supported?</P></BODY></HTML> Thu, 05 Jun 2025 06:52:31 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46026#M4201 audifreakjim 2025-06-05T06:52:31Z https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46029#M4202 <HTML><HEAD></HEAD><BODY><P>This post is a bit old, but this KB(for SSH breaking when roles change) has the info you need.&nbsp; Any ssh based authentication, with AD accounts is not supported in ONTAP, and believe me I really wish it were.&nbsp; We have ran into a bug recently(2 months ago) and this KB was brought up to us as still being correct.</P><P></P><P class="CAUSES"></P><H3>Cause</H3><P></P><DIV class="attr CAUSE"><DIV class="content">Data ONTAP does not support key exchange with Active Directory Accounts.<P></P><P></P></DIV></DIV><P></P><H3>Solution</H3><P> Use local filer accounts for SSH key exchange to avoid this issue. NetApp does not currently support key exchange with Active Directory accounts.</P><P></P><P><A class="jive-link-external-small" href="https://kb.netapp.com/support/index?page=content&amp;id=2012318" target="_blank">https://kb.netapp.com/support/index?page=content&amp;id=2012318</A></P></BODY></HTML> Fri, 08 Jul 2011 14:08:01 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46029#M4202 columbus_admin 2011-07-08T14:08:01Z https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46036#M4203 <HTML><HEAD></HEAD><BODY><P>Thanks for clearing this up!</P></BODY></HTML> Mon, 11 Jul 2011 15:30:33 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46036#M4203 audifreakjim 2011-07-11T15:30:33Z https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46041#M4204 <HTML><HEAD></HEAD><BODY><P>Actually you can do this.&nbsp; I've set it up and use it daily.&nbsp; Send me a message and I'll explain if you are interested.</P></BODY></HTML> Wed, 07 Nov 2012 19:46:14 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/46041#M4204 JERROD_FINN 2012-11-07T19:46:14Z https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/101275#M7593 <P>What was the fix?</P><BLOCKQUOTE><HR /><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/11584">@JERROD_FINN</a> wrote:<BR /><P>Actually you can do this.&nbsp; I've set it up and use it daily.&nbsp; Send me a message and I'll explain if you are interested.</P><HR /></BLOCKQUOTE><P>&nbsp;</P> Mon, 02 Mar 2015 16:41:23 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/SSH-key-authentication-using-domain-users-Then-how-about-SFTP/m-p/101275#M7593 PC70 2015-03-02T16:41:23Z