This post is an update to the earlier post on key-based authentication to an ONTAP 7-mode (or ONTAP 7) system. Clustered Data ONTAP’s authentication mechanism is different because it isn’t tied to each node, but rather to the cluster itself.
To configure key-based authentication for the cluster admin user, you will need to add the authentication method first:
cluster01::> security login create -username admin -application ssh -authmethod publickey -role admin -vserver cluster01
Warning: To use public-key authentication, you must create a public key for user "admin".
The warning above appears after the command runs, as a reminder that a public key must be imported for the user before the method can be used. Import the key using the following command:
cluster01::> security login publickey create -vserver cluster01 -username admin -index 0 -publickey "ssh-rsa contents_of_public_key_here="
Note that the -publickey option has double quotes around the public key text, and the key type prefix (ssh-rsa in this case) remains.
Doing this for Storage Virtual Machine admins/users is the same process; just change the appropriate options (-vserver and -username) to valid values.
Also note that you can have multiple keys (up to 99) for an individual user. If you want to enable the entire storage team to access the cluster admin account without having to worry about shared passwords or shared certificates, that is possible.
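As an added example (not part of the original post, and not NetApp tooling), this Python helper turns a team's OpenSSH public key lines into one import command per key, numbering -index from 0 and refusing anything that is not a well-formed public key. It drops the trailing comment field to match the form shown above; the name character check and the sample keys are assumptions constructed for the illustration.

```python
import base64
import re
import struct

MAX_KEYS = 99  # per-user key limit stated in the post
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # assumption: conservative name charset

def parse_pubkey_line(line):
    """Return (key_type, base64_body) from '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError:
        raise ValueError("key body is not base64 (private key or truncated paste?)") from None
    # An SSH public key blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("type prefix does not match the key blob")
    return key_type, body

def publickey_commands(vserver, username, pubkey_lines):
    """Build one 'security login publickey create' line per key, index from 0."""
    for name in (vserver, username):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unexpected characters in {name!r}")
    keys = [parse_pubkey_line(l) for l in pubkey_lines if l.strip()]
    if len(keys) > MAX_KEYS:
        raise ValueError(f"{len(keys)} keys exceeds the limit of {MAX_KEYS}")
    return [
        f'security login publickey create -vserver {vserver} -username {username} '
        f'-index {i} -publickey "{ktype} {body}"'
        for i, (ktype, body) in enumerate(keys)
    ]

def constructed_key(fill, comment="user@example"):
    """Structurally valid but fake ssh-rsa line, constructed for this example."""
    s = lambda d: struct.pack(">I", len(d)) + d
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes([fill]) * 256)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    team = [constructed_key(0xAB), constructed_key(0xCD)]
    for cmd in publickey_commands("cluster01", "admin", team):
        print(cmd)
```

Giving each person their own index means one key can later be removed without touching anyone else's access.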