NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Network and Storage Protocols

passwordless ssh to filer

TDUBB1234
37,090 Views

I am trying to ssh without password to my filers but after i generated my ssh keys, I tried to create a folder

\\filer\C$\etc$\sshd\root

it will not allow me to create a root directory

I am trying to copy this authorized_keys file to

\\filer\c$\etc\sshd\root\.ssh

help

30 REPLIES 30

aborzenkov
32,836 Views

It is
filer\C$\etc\sshd\root not
filer\C$\etc$\sshd\root.

TDUBB1234
32,836 Views

yes its that directory but I cannot create the root directory

aborzenkov
32,836 Views

Are you able to create any directory under /etc at all? Do you have CIFS license? What is security style of root volume?

RAFAEL_GUEDES
33,209 Views

If you do not have neither CIFS nor NFS licenses, you could create this directory using diag account.

Note: take care using this account.

First, enter in advanced mode:

filer> priv set advanced

Now, unlock and set a password to diag account:

filer*> useradmin diaguser unlock

filer*> useradmin diaguser password

Enter in the systemshell, create the directory you need and put the pubkey generated in the authorized_keys file:

filer*> systemshell

login: diag

Password: the same you set in the previous step

filer% mkdir -p /mroot/etc/sshd/root/.ssh

filer% vi /mroot/etc/sshd/root/.ssh/authorized_keys

filer% sudo chown -R root:wheel /mroot/etc/sshd/root

filer% sudo chmod -R 0600 /mroot/etc/sshd/root


Then, exit systemshell, lock diag account and exit advanced mode:

filer% exit

filer*> useradmin diaguser lock

filer*> priv set admin

aborzenkov
32,836 Views

You should have added that it applies to Data ONTAP 8.x only.

RAFAEL_GUEDES
32,836 Views

Hi aborzenkov, you are right!

But even Data ONTAP is previous than 8.x , it is possible to accomplish this task only through CLI.

filer> wrfile /etc/authorized_keys

filer> ndmpd status

filer> ndmpd on (if is off)

filer> ndmpcopy /etc/authorized_keys /etc/sshd/root/.ssh

filer> ndmp off (if it was off in the previous step)

filer> priv set diag

filer> rm /etc/authorized_keys

filer> priv set admin

D_BEREZENKO
15,150 Views

The easiest way, thank you it is working!

TDUBB1234
33,210 Views

ok i created the dir and put in the authorized_keys file under


filer\c$\etc\sshd\root

but still ssh from my management workstation asking for password

RAFAEL_GUEDES
33,210 Views

The right path is:

filer\c$\etc\sshd\root\.ssh

Also make sure the option bellow is set to 'on':

options ssh.pubkey_auth.enable

TDUBB1234
33,210 Views

still not working. strange.

options ssh

ssh.access *

ssh.enable on

ssh.idle.timeout 0

ssh.passwd_auth.enable on

ssh.port 22

ssh.pubkey_auth.enable on

ssh1.enable on

ssh2.enable on

authorized_keys is under


filer\c$\etc\root\.ssh\authorized_keys

authorized keys was generated from my mgmt workstation

RAFAEL_GUEDES
18,581 Views

Could you show how you generate your keys?

RAFAEL_GUEDES
18,955 Views

In time: the path you put is not right yet.

It is the right:

filer\c$\etc\sshd\root\.ssh

Note: best practice is to disable ssh1 because it is not secure.

TDUBB1234
18,960 Views

ssh-keygen -t rsa -b 1024

ssh-keygen -t dsa -b 1024

cat id_dsa.pub > authorized_keys

cat id_rsa.pub >> authorized_keys

RAFAEL_GUEDES
16,812 Views

These commands where executed in the filer or in a Linux host?

TDUBB1234
16,812 Views

on the filer itself in systemshell.

RAFAEL_GUEDES
16,812 Views

Usually I run this command to generate pubkey at the client side, then I put the pubkey in the filer.

TDUBB1234
16,434 Views

you are saying i dont need to use authorized_keys? or just copy the .pub keys over?

RAFAEL_GUEDES
16,434 Views

These are all the steps I do:

In the client side (Linux host):

#ssh-keygen –t rsa (respond all the questions blank)

It will generate a private key (/root/.ssh/id_rsa) and a public key (/root/.ssh/id_rsa.pub). You need to put the content of the public key inside the authorized_keys file in the filer.

In the filer side:

First, enter in advanced mode:

filer> priv set advanced


Now, unlock and set a password to diag account:

filer*> useradmin diaguser unlock

filer*> useradmin diaguser password


Enter in the systemshell, create the directory you need and put the pubkey generated in the authorized_keys file:

filer*> systemshell

login: diag

Password: the same you set in the previous step

filer% mkdir -p /mroot/etc/sshd/root/.ssh

filer% vi /mroot/etc/sshd/root/.ssh/authorized_keys (here is where you put the content of the id_rsa.pub generate in the client)

filer% sudo chown -R root:wheel /mroot/etc/sshd/root

filer% sudo chmod -R 0600 /mroot/etc/sshd/root


Then, exit systemshell, lock diag account and exit advanced mode:

filer% exit

filer*> useradmin diaguser lock

filer*> priv set admin

hope it help! 😃

TDUBB1234
16,434 Views

ok i finally got it to work. I guess the copy and paste carried over some weird characters.

i was able to scp the file to the filer and it works now.

thanks a lot

TDUBB1234
18,958 Views

this path is not right?


filer\c$\etc\sshd\root\.ssh\authorized_keys

i have no cifs license

Public