ONTAP Discussions
ONTAP Discussions
Hi,
Could some one help me on this. We are planning to upgrade our OnTap 9.1 p7 to 9.3. during the image validation, I got the below warning. Could you please let me know if we remove the mentioned MAC algoritham from the existing setup, will it cause any issue, post upgrdate.
Openssh 7.2 upgrade Warning Warning: "hmac-ripemd160" and
precheck "hmac-ripemd160-etm" are considered weak
keyed-hash message authentication code
(HMAC) algorithms and support for the same
will be removed after upgrading to Data
ONTAP 9.3.
Action: Before retrying the upgrade, remove
the above weak algorithms using "security
ssh remove" command. To list all Vservers
configured with one or both the above HMAC
algorithms, run "security ssh show
-mac-algorithms hmac-ripemd160* -vserver *
-fields vserver" .
Thanks,
Senthil
It will not impact anything however if you have any client which is using "Hmac-Ripemd160" to talk to ONTAP it will be denied .
This has to be done by the client end . You can ask your server team to validate the same .
Hi shuklas,
we are using Netapp storage only for Lun which is mapped to vmware. will it impact the the vmware infra.
No it will not
Bump for this old post. Do I have to remove this prior to the upgrade?
We are on 9.2p1 going to 9.3p18. We did the validation and it said the same thing as the original poster. We are using CIFS and NFS.
When running the below command, it shows below.
cmnas::*> security ssh show -mac-algorithms hmac-ripemd160* -vserver * -fields vserver
vserver
--------
cm_svm1
cmnas
js_svm1
3 entries were displayed.
TT