NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

removal of hmac-ripemd160 from OnTap 9.1p7

itopsxerox
7,933 Views

Hi,

 

Could some one help me on this. We are planning to upgrade our OnTap 9.1 p7 to 9.3. during the image validation, I got the below warning. Could you please let me know if we remove the mentioned MAC algoritham from the existing setup, will it cause any issue, post upgrdate.

 

Openssh 7.2 upgrade   Warning    Warning: "hmac-ripemd160" and

precheck                         "hmac-ripemd160-etm" are considered weak

                                 keyed-hash message authentication code

                                 (HMAC) algorithms and support for the same

                                 will be removed after upgrading to Data

                                 ONTAP 9.3.

                                 Action: Before retrying the upgrade, remove

                                 the above weak algorithms using "security

                                 ssh remove" command. To list all Vservers

                                 configured with one or both the above HMAC

                                 algorithms, run "security ssh show

                                 -mac-algorithms hmac-ripemd160* -vserver *

                                 -fields vserver" .

 

Thanks,

Senthil

6 REPLIES 6

shuklas
7,880 Views

It will not impact anything however if you have any client which is using "Hmac-Ripemd160" to talk to ONTAP it will be denied .

itopsxerox
7,870 Views
how to check which client is using the given MAC algorithm

shuklas
7,865 Views

This has to be done by the client end . You can ask your server team to validate the same .

 

itopsxerox
7,860 Views

Hi shuklas,

 

we are using Netapp storage only for Lun which is mapped to vmware. will it impact the the vmware infra.

 

shuklas
7,851 Views

No it will not

SVHO
6,677 Views

Bump for this old post.  Do I have to remove this prior to the upgrade?

 

We are on 9.2p1 going to 9.3p18.  We did the validation and it said the same thing as the original poster.  We are using CIFS and NFS.

 

When running the below command, it shows below.

cmnas::*> security ssh show -mac-algorithms hmac-ripemd160* -vserver * -fields vserver
vserver
--------
cm_svm1
cmnas
js_svm1
3 entries were displayed.

 

 

TT

Public