ONTAP Discussions

SSH admin Login without password - Domain Group User

LUN_Move_Events_filter

Hi there. I've reviewed the following link, but have a unique (surely not) problem.

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_set_up_public_key_authentication_Cluster-Mode_Data_OnTap_(cDOT)...

 

My admin user account is part of an AD Admin Group, the GROUP has access to log on to the Cluster & we are not allowed to have individual account access. They want admin access controlled through the AD group. So that's all fine and works, but I want to set up key pair login with my AD authenticated account via SSH. The above article says I need my own individual account access on the cluster to upload my pub key.

 

I guess I'm wondering if my AD auth can be forwarded to either System Manager or my SSH session? OR how do I make SSH login work with a key pair while using an AD Group account? Hopefully that makes sense.


hmoubara

Hello,

 

I tried running through your request in one of my labs, but I am not able to create either recommendation that you are requesting.

I have shared below a TR regarding Multifactor Authentication in ONTAP that might be helpful:

 

https://www.netapp.com/us/media/tr-4647.pdf

 

Thanks

 

LUN_Move_Events_filter

Thanks for your efforts. I'm trying to log into the CLI without having to type a password. I have to log in to different clusters about 30 times a day. That's 30 times I need to type in a complex password.

 

I'm looking for a way to authenticate by passing through my already authenticated Windows AD session... or any other way, like public/private key, but it has to work with my account being part of an AD group.

 

It seems ONTAP does not currently support this. Maybe a feature request? What about a tick box on the System Manager login page like vSphere has to use your current session credentials to authenticate?
