Manage SSH functionality on the management node

Contributors netapp-pcarriga

You can disable, re-enable, or determine the status of the SSH capability on the management node (mNode) using the REST API. SSH capability that provides NetApp Support remote support tunnel (RST) session access is enabled on the management node by default.

Beginning with Management Services 2.20, you can enable and disable SSH capability on the management node using the NetApp Hybrid Cloud Control UI.

What you’ll need
  • NetApp Hybrid Cloud Control permissions: You have permissions as administrator.

  • Cluster administrator permissions: You have permissions as administrator on the storage cluster.

  • Element software: Your cluster is running NetApp Element software 11.3 or later.

  • Management node: You have deployed a management node running version 11.3 or later.

  • Management services updates:

You can do any of the following tasks after you authenticate:

Disable or enable the SSH capability on the management node using NetApp Hybrid Cloud Control UI

You can disable or re-enable SSH capability on the management node. SSH capability that provides NetApp Support remote support tunnel (RST) session access is disabled by default on management nodes running management services 2.18 or later. Disabling SSH does not terminate or disconnect existing SSH client sessions to the management node. If you disable SSH and elect to re-enable it at a later time, you can do so using the NetApp Hybrid Cloud Control UI.

Note To enable or disable support access using SSH for a storage cluster, you must use the Element UI cluster settings page.
Steps
  1. From the Dashboard, select the options menu on the top right and select Configure.

  2. In the Support Access for Management Node screen, toggle the switch to enable management node SSH.

  3. After you complete troubleshooting, in the Support Access for Management Node screen, toggle the switch to disable management node SSH.

Disable or enable the SSH capability on the management node using APIs

You can disable or re-enable SSH capability on the management node. SSH capability that provides NetApp Support remote support tunnel (RST) session access is enabled on the management node by default. Disabling SSH does not terminate or disconnect existing SSH client sessions to the management node. If you disable SSH and elect to re-enable it at a later time, you can do so using the same API.

API command

For management services 2.18 or later:

curl -k -X PUT "https://<<ManagementNodeIP>/mnode/2/settings/ssh?enabled=<false/true>" -H  "accept: application/json" -H  "Authorization: Bearer ${TOKEN}"

For management services 2.17 or earlier:

curl -X PUT "https://<ManagementNodeIP>/mnode/settings/ssh?enabled=<false/true>" -H  "accept: application/json" -H  "Authorization: Bearer ${TOKEN}"
Note You can find the bearer ${TOKEN} used by the API command when you authorize. The bearer ${TOKEN} is in the curl response.
REST API UI steps
  1. Access the REST API UI for the management node API service by entering the management node IP address followed by /mnode/:

    https://<ManagementNodeIP>/mnode/
  2. Select Authorize and complete the following:

    1. Enter the cluster user name and password.

    2. Enter the client ID as mnode-client.

    3. Select Authorize to begin a session.

    4. Close the window.

  3. From the REST API UI, select PUT /settings​/ssh.

    1. Select Try it out.

    2. Set the enabled parameter to false to disable SSH or true to re-enable SSH capability that you previously disabled.

    3. Select Execute.

Determine status of the SSH capability on the management node using APIs

You can determine whether or not SSH capability is enabled on the management node using a management node service API. SSH is enabled by default on the management node.

API command

For management services 2.18 or later:

curl -k -X PUT "https://<<ManagementNodeIP>/mnode/2/settings/ssh?enabled=<false/true>" -H  "accept: application/json" -H  "Authorization: Bearer ${TOKEN}"

For management services 2.17 or earlier:

curl -X PUT "https://<ManagementNodeIP>/mnode/settings/ssh?enabled=<false/true>" -H  "accept: application/json" -H  "Authorization: Bearer ${TOKEN}"
Note You can find the bearer ${TOKEN} used by the API command when you authorize. The bearer ${TOKEN} is in the curl response.
REST API UI steps
  1. Access the REST API UI for the management node API service by entering the management node IP address followed by /mnode/:

    https://<ManagementNodeIP>/mnode/
  2. Select Authorize and complete the following:

    1. Enter the cluster user name and password.

    2. Enter the client ID as mnode-client.

    3. Select Authorize to begin a session.

    4. Close the window.

  3. From the REST API UI, select GET /settings​/ssh.

    1. Select Try it out.

    2. Select Execute.

Find more information