ONTAP Discussions

Highlighted

Netapp SSH not working

Hello Expert,

 

we recently installed a client Host SuSE Enterprise Linux 15. We noticed that from this host , we are unable to do ssh onto Netapp Storage. Netapp Ontap Release is 8.1.4P7 7-Mode.

The error says,

 

>ssh  NetappServer
ssh_dispatch_run_fatal: Connection to 192.XXX.XXX.XXX port 22: Invalid key length

 

 

 

> ssh  NetappServer -v
OpenSSH_7.9p1, OpenSSL 1.1.0i-fips 14 Aug 2018
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for NetappServer
debug1: /root/.ssh/config line 4: Deprecated option "cipher"
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to NetappServer [192.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa_2048 type 0
debug1: identity file /root/.ssh/id_rsa_2048-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version Data ONTAP SSH 1.0
debug1: no match: Data ONTAP SSH 1.0
debug1: Authenticating to NetappServer:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group1-sha1 need=24 dh_need=20
debug1: kex: diffie-hellman-group1-sha1 need=24 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
ssh_dispatch_run_fatal: Connection to 192.XXX.XXX.XXX  port 22: Invalid key length

 

It says there is mismarch in SSH Keys or so. You guys have faced this problem? Do I have to upgrade netapp ssh version?

 

Please guide me to positive direction.

 

Thanks in advance.

 

Regards,

Admin

7 REPLIES 7
Highlighted

Re: Netapp SSH not working

You should re-run 

secureadmin ssh setup -f

and use a loner key length (like 2048)

Highlighted

Re: Netapp SSH not working

I didnt get this. Where should I run this? On Ontap itself? What does it actually do?

Highlighted

Re: Netapp SSH not working

Ontap command. Specifically 7-mode which you have. 

it recreates the ontap side ssh key to be longer. You probably currently have a 1024 bit key 

 

run the command and create a 2048 bit key

Highlighted

Re: Netapp SSH not working

Aah Ok. But does it mean the other  SLES12 or SuSE10 clients would not be able to ssh to Netapp Filer? Only SLES15 will be able to ssh to Filer? Becaue at the moment the other clients can SSH to Netapp Filer without any problems .

Highlighted

Re: Netapp SSH not working

They other Linux boxes should continue to work. The newer hosts likely have harder restrictions for SSH. 

 what will happen is that the keys will change and you will get a message to that effect the next time you use SSH. You simply need to remove the offending entry in the known_hosts file. Then try again

Highlighted

Re: Netapp SSH not working

Hello,

 

I did the following but now I am not able to ssh from Any Linux hosts  😞

 

bwgb198> secureadmin disable ssh
bwgb198> secureadmin setup -f ssh

 

Please enter the size of host key for ssh1.x protocol [768] :

Please enter the size of server key for ssh1.x protocol [512] :
Please enter the size of host keys for ssh2.0 protocol [768] :

 

After this I could not ssh from any Linuy hosts. Luckily I still have my first ssh login onto Ontap so I can try few more times before the login times out. Opps thats getting critical now. How should I set the above three values. I tries already few options like 768, 2048 , 2048 but not sure what combination will work for me. Please help.

 

 

Highlighted

Re: Netapp SSH not working

below is what i use to use.

Please enter the size of host key for ssh1.x protocol [2048] :
Please enter the size of server key for ssh1.x protocol [1024] :
Please enter the size of host keys(rsa key) for ssh2.0 protocol [2048] :
Please enter the size of host keys(dsa key) for ssh2.0 protocol [1024] :
Please enter the size of host keys(ecdsa key) for ssh2.0 protocol [256] :
Please enter the size of host keys(ed25519 key) for ssh2.0 protocol [2048] :
NetApp Insights To Action
All Community Forums