ONTAP Discussions

Getting "Access Denied" while accessing with mgmt interface IP in ONTAP9.0

Rinku02Bansal

Hi , 

 

We have cluster  setup of 2 node cluster across 2 VM's - I attempt to SSH into the mgmt interface via PuTTY and I receive "Access Denied" even m putting correct password . I also tried with system manager , getting same error . Am not able to figure out what's wrong with this. Moreover , we are able to take ssh session with node interface IP.Below are some finding.

 

login as: admin
You are accessing ViPR. By using this system you consent to the owning organization's terms and conditions.
Using keyboard-interactive authentication.
Password:
Access denied
Using keyboard-interactive authentication.
Password:
Access denied

 

 

cluster90::security login> show                                                               <--Taken output by accessing node interface

Vserver: cluster90
Authentication Acct Is-Nsswitch
User/Group Name Application Method Role Name Locked Group
---------------- ----------- --------- ---------------- ------ -----------
admin ssh password admin no no

 

 

 

cluster90::> system services firewall policy show    <-- Firewall allowed to ssh 
Vserver Policy Service Allowed
------- ------------ ---------- -------------------
cluster90
data
dns 0.0.0.0/0
ndmp 0.0.0.0/0
ndmps 0.0.0.0/0
cluster90
intercluster
https 0.0.0.0/0
ndmp 0.0.0.0/0
ndmps 0.0.0.0/0
cluster90
mgmt
dns 0.0.0.0/0
http 0.0.0.0/0
https 0.0.0.0/0
ndmp 0.0.0.0/0
ndmps 0.0.0.0/0
ntp 0.0.0.0/0
snmp 0.0.0.0/0
ssh 0.0.0.0/0
14 entries were displayed.

 

 

cluster90::> cluster show
Node Health Eligibility
--------------------- ------- ------------
cluster90-01 true true
cluster90-02 true true
2 entries were displayed.

 

Donot know what thing is blocking access. Any help/advice is appreciated.

 

Thanks



 

 

 

 

2 REPLIES 2

csalitros

Did you change any of the settings under the ssh configs?

::> security ssh show

 

What firewall polucy is applied to the specific LIFs?

::> net int show -fields firewall-policy

 

 

Rinku02Bansal

Hello csalitros,

 

We haven't changed anything on security ssh & also not configured on firewall side. With same Configuration, other Cluster Simulator setup(ontap9.2) working fine but facing issue in Ontap9.0

 

cluster90::> security ssh show
Vserver Ciphers Key Exchange Algorithms MAC Algorithms
--------------- ---------------- -------------------------- --------------
cluster90 aes256-ctr, diffie-hellman-group- hmac-sha1,
aes192-ctr, exchange-sha256, hmac-sha1-96,
aes128-ctr, diffie-hellman-group- hmac-sha2-256,
aes256-cbc, exchange-sha1, hmac-sha2-512,
aes192-cbc, diffie-hellman-group14- hmac-sha1-etm,
aes128-cbc, sha1, ecdh-sha2-nistp256, hmac-sha1-96-
3des-cbc, ecdh-sha2-nistp384, etm,
aes128-gcm, ecdh-sha2-nistp521, hmac-sha2-256-
aes256-gcm curve25519-sha256 etm,
hmac-sha2-512-
etm, hmac-md5,
hmac-md5-96,
hmac-
ripemd160,
umac-64,
umac-128,
hmac-md5-etm,
hmac-md5-96-
etm,
hmac-
ripemd160-etm,
umac-64-etm,
umac-128-etm

cluster90::> net int show -fields firewall-policy
(network interface show)
vserver lif firewall-policy
------- ------------------ ---------------
Cluster cluster90-01_clus1
Cluster cluster90-01_clus2
Cluster cluster90-02_clus1
Cluster cluster90-02_clus2
cluster90
cluster90-01_mgmt1 mgmt
cluster90
cluster90-02_mgmt1 mgmt
cluster90
cluster_mgmt mgmt
7 entries were displayed.

 

Announcements
Register for Insight 2021 Digital

INSIGHT 2021 Digital: Meet the Specialists 2

On October 20-22, gear up for a fully digital, totally immersive virtual experience with a downright legendary lineup of world-renowned specialists. Tune in for visionary conversations, solution deep dives, technical sessions and more.

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public