SSH admin Login without password - Domain Group User
2020-09-14
10:33 PM
3,171 Views
Hi there. I've reviewed the following link, but have a unique (surely not) problem.
My admin user account is part of an AD Admin Group, the GROUP has access to log on to the Cluster & we are not allowed to have individual account access. They want admin access controlled through the AD group. So that's all fine and works, but I want to set up key pair login with my AD authenticated account via SSH. The above article says I need my own individual account access on the cluster to upload my pub key.
I guess I'm wondering if my AD auth can be forwarded to either System Manager or my SSH session? OR how do I make SSH login work with a key pair while using an AD Group account? Hopefully that makes sense.
2 REPLIES 2
Hello,
I tried running through your request in one of my labs, but I am not able to create either recommendation that you are requesting.
I have shared below a TR regarding Multifactor Authentication in ONTAP that might be helpful:
https://www.netapp.com/us/media/tr-4647.pdf
Thanks
Thanks for your efforts. I'm trying to log into the CLI without having to type a password. I have to log in to different clusters about 30 times a day. That's 30 times I need to type in a complex password.
I'm looking for a way to authenticate by passing through my already authenticated Windows AD session... or any other way, like public/private key, but it has to work with my account being part of an AD group.
It seems ONTAP does not currently support this. Maybe a feature request? What about a tick box on the System Manager login page like vSphere has to use your current session credentials to authenticate?
