
ONTAP Discussions

Is it possible to use Hashicorp Vault ssh plugin for One Time Password generation with ONTAP?

JonathanAlexander

We are looking at the possibility of using HashiCorp Vault to manage ONTAP local account access and auditing.

One method Vault offers is an SSH Secrets Engine that can generate a one-time password when an authorized user requests it.

More info on Vault OTP configuration can be found here:
https://learn.hashicorp.com/tutorials/vault/ssh-otp

Essentially this method requires downloading a vault-ssh-helper executable and storing it in the usr/local/bin location on the host that you want Vault to manage ssh secrets for. Some modifications of the /etc/pam.d/ssh and /etc/ssh/sshd_config files to leverage the vault ssh helper are also required.

Before digging too much deeper into this approach, is this something that would be possible with ONTAP?  And would it be a supported configuration?

Thanks in advance


paul_stejskal

There's support for KMIP, it looks like. I don't think modifying SSH config works like that, so I would talk to the account team and see about what is needed to get a supported configuration. I don't think it's impossible, but definitely the account team can reach out to internal resources to get confirmation or a fPVR if needed.
