I am trying to ssh without a password to my filers, but after I generated my ssh keys, I tried to create a folder
\\filer\C$\etc$\sshd\root
It will not allow me to create a root directory.
I am trying to copy this authorized_keys file to
\\filer\c$\etc\sshd\root\.ssh
Help
30 REPLIES
It is
filer\C$\etc\sshd\root not
filer\C$\etc$\sshd\root.
Yes, it's that directory, but I cannot create the root directory.
Are you able to create any directory under /etc at all? Do you have a CIFS license? What is the security style of the root volume?
If you have neither CIFS nor NFS licenses, you could create this directory using the diag account.
Note: take care using this account.
First, enter advanced mode:
filer> priv set advanced
Now, unlock the diag account and set a password for it:
filer*> useradmin diaguser unlock
filer*> useradmin diaguser password
Enter the systemshell, create the directory you need and put the generated pubkey in the authorized_keys file:
filer*> systemshell
login: diag
Password: the same you set in the previous step
filer% mkdir -p /mroot/etc/sshd/root/.ssh
filer% vi /mroot/etc/sshd/root/.ssh/authorized_keys
filer% sudo chown -R root:wheel /mroot/etc/sshd/root
filer% sudo chmod -R 0600 /mroot/etc/sshd/root
Then, exit the systemshell, lock the diag account and exit advanced mode:
filer% exit
filer*> useradmin diaguser lock
filer*> priv set admin
You should have added that it applies to Data ONTAP 8.x only.
Hi aborzenkov, you are right!
But even if Data ONTAP is earlier than 8.x, it is possible to accomplish this task through the CLI only.
filer> wrfile /etc/authorized_keys
filer> ndmpd status
filer> ndmpd on (if it is off)
filer> ndmpcopy /etc/authorized_keys /etc/sshd/root/.ssh
filer> ndmpd off (if it was off in the previous step)
filer> priv set diag
filer> rm /etc/authorized_keys
filer> priv set admin
The easiest way, thank you it is working!
OK, I created the dir and put the authorized_keys file under
filer\c$\etc\sshd\root
but ssh from my management workstation is still asking for a password.
The right path is:
filer\c$\etc\sshd\root\.ssh
Also make sure the option below is set to 'on':
options ssh.pubkey_auth.enable
Still not working. Strange.
options ssh
ssh.access *
ssh.enable on
ssh.idle.timeout 0
ssh.passwd_auth.enable on
ssh.port 22
ssh.pubkey_auth.enable on
ssh1.enable on
ssh2.enable on
authorized_keys is under
filer\c$\etc\root\.ssh\authorized_keys
authorized_keys was generated from my mgmt workstation.
Could you show how you generate your keys?
By the way: the path you gave is still not right.
This is the right one:
filer\c$\etc\sshd\root\.ssh
Note: best practice is to disable ssh1 because it is not secure.
ssh-keygen -t rsa -b 1024
ssh-keygen -t dsa -b 1024
cat id_dsa.pub > authorized_keys
cat id_rsa.pub >> authorized_keys
Were these commands executed on the filer or on a Linux host?
On the filer itself, in systemshell.
Usually I run this command to generate the pubkey on the client side, then I put the pubkey on the filer.
You are saying I don't need to use authorized_keys? Or just copy the .pub keys over?
These are all the steps I do:
On the client side (Linux host):
# ssh-keygen -t rsa (leave all the answers blank)
It will generate a private key (/root/.ssh/id_rsa) and a public key (/root/.ssh/id_rsa.pub). You need to put the content of the public key inside the authorized_keys file on the filer.
On the filer side:
First, enter advanced mode:
filer> priv set advanced
Now, unlock the diag account and set a password for it:
filer*> useradmin diaguser unlock
filer*> useradmin diaguser password
Enter the systemshell, create the directory you need and put the generated pubkey in the authorized_keys file:
filer*> systemshell
login: diag
Password: the same you set in the previous step
filer% mkdir -p /mroot/etc/sshd/root/.ssh
filer% vi /mroot/etc/sshd/root/.ssh/authorized_keys (here is where you put the content of the id_rsa.pub generated on the client)
filer% sudo chown -R root:wheel /mroot/etc/sshd/root
filer% sudo chmod -R 0600 /mroot/etc/sshd/root
Then, exit the systemshell, lock the diag account and exit advanced mode:
filer% exit
filer*> useradmin diaguser lock
filer*> priv set admin
Hope it helps! 😃
OK, I finally got it to work. I guess the copy and paste carried over some weird characters.
I was able to scp the file to the filer and it works now.
Thanks a lot.
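
The failure reported above, an authorized_keys file damaged by copy and paste, can be caught before the file is installed on the filer. The following is an added example, not part of the original thread: a Python check for CRLF endings, non-ASCII bytes, wrapped lines and corrupt key blobs. It assumes key lines with no leading options field, and the sample keys are constructed placeholders, not usable keys.

```python
import base64
import struct

def check_key_line(line: bytes) -> list:
    """Return the problems found in one authorized_keys line."""
    problems = []
    if line.endswith(b"\r"):
        problems.append("CRLF line ending")
        line = line[:-1]
    if any(b > 0x7E or (b < 0x20 and b != 0x09) for b in line):
        problems.append("non-ASCII or control byte")
    fields = line.split()
    if len(fields) < 2:
        return problems + ["not '<type> <base64> [comment]' (wrapped line?)"]
    key_type, blob64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob64, validate=True)
    except ValueError:
        return problems + ["key blob is not valid base64 (truncated?)"]
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != key_type:
        problems.append("key type does not match blob header")
    return problems


def check_file(data: bytes) -> dict:
    """Map 1-based line number -> problems, skipping blanks and comments."""
    report = {}
    for num, line in enumerate(data.split(b"\n"), start=1):
        if not line.strip() or line.lstrip().startswith(b"#"):
            continue
        problems = check_key_line(line)
        if problems:
            report[num] = problems
    return report


def _sample_blob(key_type: bytes) -> bytes:
    # Constructed placeholder, not a usable key: type header plus filler.
    raw = struct.pack(">I", len(key_type)) + key_type + bytes(range(60))
    return base64.b64encode(raw)


BLOB = _sample_blob(b"ssh-rsa")
GOOD = b"ssh-rsa " + BLOB + b" root@mgmt\n"
# Constructed damage: BOM prepended, CRLF endings, key wrapped over two lines.
BAD = b"\xef\xbb\xbfssh-rsa " + BLOB[:40] + b"\r\n" + BLOB[40:] + b" root@mgmt\r\n"

if __name__ == "__main__":
    print(check_file(GOOD), check_file(BAD))
```

Copying the file as bytes, as the scp in the post above did, avoids these transformations in the first place.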
This path is not right?
filer\c$\etc\sshd\root\.ssh\authorized_keys
I have no CIFS license.
