ONTAP Discussions

removal of hmac-ripemd160 from OnTap 9.1p7

itopsxerox

Hi,

 

Could some one help me on this. We are planning to upgrade our OnTap 9.1 p7 to 9.3. during the image validation, I got the below warning. Could you please let me know if we remove the mentioned MAC algoritham from the existing setup, will it cause any issue, post upgrdate.

 

Openssh 7.2 upgrade   Warning    Warning: "hmac-ripemd160" and

precheck                         "hmac-ripemd160-etm" are considered weak

                                 keyed-hash message authentication code

                                 (HMAC) algorithms and support for the same

                                 will be removed after upgrading to Data

                                 ONTAP 9.3.

                                 Action: Before retrying the upgrade, remove

                                 the above weak algorithms using "security

                                 ssh remove" command. To list all Vservers

                                 configured with one or both the above HMAC

                                 algorithms, run "security ssh show

                                 -mac-algorithms hmac-ripemd160* -vserver *

                                 -fields vserver" .

 

Thanks,

Senthil

6 REPLIES 6

shuklas

It will not impact anything however if you have any client which is using "Hmac-Ripemd160" to talk to ONTAP it will be denied .

itopsxerox
how to check which client is using the given MAC algorithm

shuklas

This has to be done by the client end . You can ask your server team to validate the same .

 

itopsxerox

Hi shuklas,

 

we are using Netapp storage only for Lun which is mapped to vmware. will it impact the the vmware infra.

 

shuklas

No it will not

SVHO

Bump for this old post.  Do I have to remove this prior to the upgrade?

 

We are on 9.2p1 going to 9.3p18.  We did the validation and it said the same thing as the original poster.  We are using CIFS and NFS.

 

When running the below command, it shows below.

cmnas::*> security ssh show -mac-algorithms hmac-ripemd160* -vserver * -fields vserver
vserver
--------
cm_svm1
cmnas
js_svm1
3 entries were displayed.

 

 

TT

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public