ONTAP Hardware

Turning on SFTP

SVHO
13,585 Views

 

Hi Guys,

 

We need to have a share that is accessbile via SFTP.  Do I enable with the following command?  Also once it is turned on, all other CIFS are accessible?

 

 

options sftp.enable on

 

 

 

 

ONTAP 9.21P

 

 

Thanks,

SVHO

5 REPLIES 5

Sahana
13,551 Views

Hi,

 

Please refer sftp.enable options https://library.netapp.com/ecmdocs/ECMM1281092/html/cmdref/man1/na_options.1.htm

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

AlexDawson
13,544 Views

Hi there,

 

SFTP is not supported by Clustered ONTAP (which all versions of 9.x are). It was supported for a short period of time on on 7-mode ONTAP, which is the source of the documentation you have found

 

Best solution is to create a Linux VM and re-serve the data from an NFS mount from the controller. 

enggsudipta
12,666 Views

Hi Alex,

 

You are absolutely right. We have already build up a same solution as you suggested. But now problem is user have to use different path for cifs and ftp.

For my environment we are planning to migrate the form 7 to C mode where lots of user using FTP. Main challenges from my end user do not have any idea where they were using this ftp. They do not want to change the path from their end. We do lots of migration from 7 to c, in the time of cutover DNS team only change the c-name record from their end so, we will not be impacted after migration and user also do not have to change anythings.

So do you have any solution where users do not have to change anything from their end.

 

Thanks

Sudipta

naveens17
12,652 Views

Hi Sudipta,

 

I have a solution for you and I implemented this.

 

with this solution you don't have to change the paths.

 

1. Get a cerberus software or any ftp/sftp provided software(I like cerberus)

2.Talk to your F5 people

 

Reason: put an F5 in the front and the current 7-mode interfaces as a backend members and then when the users hit that IP's F5 will translate to CDOT LIF's

 

So based on the rules on F5 side they will say ftp/sftp hit any FTP/SFTP server and remaining SMB & NFS traffic route to storage LIF's.

 

3.talking about the paths:

 

in 7-mode it will be as /vol/volname rite

 

so from a cerberus side we can accomplish with out changing the paths like stated below...

 

create a cifs share from CDOT name any thing like 'ftpshare' so point this ftpshare as a root path in cerberus side.  Now comes the actual solution

 

since there is already a 'ftpshare' exists on the CDOT cluster now create a folder under this share call it has 'vol'

 

then the share that are currently exists on the 7-mode side you make a junction-path under 'vol' like below...

 

"/ftpshare/vol/actual7mode share name" (so you have to repeat for all shares on 7-mode side)

 

cerberus can intergate with AD so all the ftp jobs user id if they use domain account then no issues here...

 

 

END result will be like  this...

 

after the cut-over to CDOT. users are not required to change paths since logically on the CDOT side you created under /vol..

 

so for a incoming ftp job it will hit F5 and based on the service it will route to a ceberus server and with already existing paths it will go there and drop a file like below

 

/vol/7modevolname/folder/folder/file.

 

if the traffic is straight SMB then it will route to CDOT LIF's.

 

 

Please send me a email if you have any questions on this.

AlexDawson
12,636 Views

Hi @enggsudipta - I think I have missed something.

 

You can create a location, mounted to a junction path for the SVM, and then share that location as both CIFS and NFS, then mount the location via NFS and have it accessible via SFTP. 

Public