User 'lab.demo\administrator' denied access - missing required capability: 'login-ssh'
Two separate environments with the same results. Again, we can get local users to work so the keys are good, and with domain users it is finding the keys.
I have tried useradmin group modify administrators -r admin,root to give maximum permissions, but still no luck. Just the default role of admin should be sufficient..
So getting SSH to work is one thing, but we are really trying to get passwordless SFTP working. Here is the error when we try with a domain user. The Authentication type for SFTP is mixed, we have also tried with NTLM
SFTP (SSH File Transfer Protocol) connection request from client system xxx.xxx.xxx.xxx, user lab.demo\administrator failed, because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations.
Has anyone successfully implemented passwordless SFTP using domain credentials? Is this even supported?
This post is a bit old, but this KB(for SSH breaking when roles change) has the info you need. Any ssh based authentication, with AD accounts is not supported in ONTAP, and believe me I really wish it were. We have ran into a bug recently(2 months ago) and this KB was brought up to us as still being correct.
Data ONTAP does not support key exchange with Active Directory Accounts.
Use local filer accounts for SSH key exchange to avoid this issue. NetApp does not currently support key exchange with Active Directory accounts.