You can issue SSH requests to the cluster to perform administrative tasks. SSH is enabled by default.
The -application parameter of the security login commands specifies the access method for a user account. The security login man pages contain additional information.
The network options ipv6 show command displays whether IPv6 is enabled. The system services firewall policy show command displays firewall policies.
If the cluster management LIF resides on the node, it shares this limit with the node management LIF.
If the rate of incoming connections is higher than 10 per second, the service is temporarily disabled for 60 seconds.
AES is supported with 128, 192, and 256 bits in key length. 3DES is 56 bits in key length as in the original DES, but it is repeated three times.
AD user names and domain names are not case-sensitive. However, ONTAP user names are case-sensitive. Case mismatch between the user name created in ONTAP and the user name created in AD results in a login failure.
When SSH multifactor authentication is enabled, users are authenticated by using a public key and a password.
If you are using an AD domain user account, you must specify username in the format of domainname\\AD_accountname (with double backslashes after the domain name) or "domainname\AD_accountname" (enclosed in double quotation marks and with a single backslash after the domain name).
hostname_or_IP is the host name or the IP address of the cluster management LIF or a node management LIF. Using the cluster management LIF is recommended. You can use an IPv4 or IPv6 address.
command is not required for SSH-interactive sessions.
The following examples show how the user account named joe
can issue an SSH request to access a cluster whose cluster management LIF is 10.72.137.28:
$ ssh joe@10.72.137.28 Password: cluster1::> cluster show Node Health Eligibility --------------------- ------- ------------ node1 true true node2 true true 2 entries were displayed. cluster1::>
$ ssh -l joe 10.72.137.28 cluster show Password: Node Health Eligibility --------------------- ------- ------------ node1 true true node2 true true 2 entries were displayed. $
The following examples show how the user account named john
from the domain named DOMAIN1
can issue an SSH request to access a cluster whose cluster management LIF is 10.72.137.28:
$ ssh DOMAIN1\\john@10.72.137.28 Password: cluster1::> cluster show Node Health Eligibility --------------------- ------- ------------ node1 true true node2 true true 2 entries were displayed. cluster1::>
$ ssh -l "DOMAIN1\john" 10.72.137.28 cluster show Password: Node Health Eligibility --------------------- ------- ------------ node1 true true node2 true true 2 entries were displayed. $
The following example shows how the user account named joe
can issue an SSH MFA request to access a cluster whose cluster management LIF is 10.72.137.32:
$ ssh joe@10.72.137.32 Authenticated with partial success. Password: cluster1::> cluster show Node Health Eligibility --------------------- ------- ------------ node1 true true node2 true true 2 entries were displayed. cluster1::>