Manage SSH functionality on the management node
You can disable, re-enable, or determine the status of the SSH capability on the management node (mNode) using the REST API. SSH capability that provides NetApp Support remote support tunnel (RST) session access is enabled on the management node by default.
Beginning with Management Services 2.20.69, you can enable and disable SSH capability on the management node using the NetApp Hybrid Cloud Control UI.
-
NetApp Hybrid Cloud Control permissions: You have permissions as administrator.
-
Cluster administrator permissions: You have permissions as administrator on the storage cluster.
-
Element software: Your cluster is running NetApp Element software 11.3 or later.
-
Management node: You have deployed a management node running version 11.3 or later.
-
Management services updates:
-
To use the NetApp Hybrid Cloud Control UI, you have updated your management services bundle to version 2.20.69 or later.
-
To use the REST API UI, you have updated your management services bundle to version 2.17.
-
You can do any of the following tasks after you authenticate:
Disable or enable the SSH capability on the management node using NetApp Hybrid Cloud Control UI
You can disable or re-enable SSH capability on the management node. SSH capability that provides NetApp Support remote support tunnel (RST) session access is disabled by default on management nodes running management services 2.18 or later. Disabling SSH does not terminate or disconnect existing SSH client sessions to the management node. If you disable SSH and elect to re-enable it at a later time, you can do so using the NetApp Hybrid Cloud Control UI.
To enable or disable support access using SSH for a storage cluster, you must use the Element UI cluster settings page. |
-
From the Dashboard, select the options menu on the top right and select Configure.
-
In the Support Access for Management Node screen, toggle the switch to enable management node SSH.
-
After you complete troubleshooting, in the Support Access for Management Node screen, toggle the switch to disable management node SSH.
Disable or enable the SSH capability on the management node using APIs
You can disable or re-enable SSH capability on the management node. SSH capability that provides NetApp Support remote support tunnel (RST) session access is enabled on the management node by default. Disabling SSH does not terminate or disconnect existing SSH client sessions to the management node. If you disable SSH and elect to re-enable it at a later time, you can do so using the same API.
For management services 2.18 or later:
curl -k -X PUT "https://<<ManagementNodeIP>/mnode/2/settings/ssh?enabled=<false/true>" -H "accept: application/json" -H "Authorization: Bearer ${TOKEN}"
For management services 2.17 or earlier:
curl -X PUT "https://<ManagementNodeIP>/mnode/settings/ssh?enabled=<false/true>" -H "accept: application/json" -H "Authorization: Bearer ${TOKEN}"
You can find the bearer ${TOKEN} used by the API command when you authorize. The bearer ${TOKEN} is in the curl response.
|
-
Access the REST API UI for the management node API service by entering the management node IP address followed by
/mnode/
:https://<ManagementNodeIP>/mnode/
-
Select Authorize and complete the following:
-
Enter the cluster user name and password.
-
Enter the client ID as
mnode-client
. -
Select Authorize to begin a session.
-
Close the window.
-
-
From the REST API UI, select PUT /settings/ssh.
-
Select Try it out.
-
Set the enabled parameter to
false
to disable SSH ortrue
to re-enable SSH capability that you previously disabled. -
Select Execute.
-
Determine status of the SSH capability on the management node using APIs
You can determine whether or not SSH capability is enabled on the management node using a management node service API. SSH is enabled by default on the management node.
For management services 2.18 or later:
curl -k -X PUT "https://<<ManagementNodeIP>/mnode/2/settings/ssh?enabled=<false/true>" -H "accept: application/json" -H "Authorization: Bearer ${TOKEN}"
For management services 2.17 or earlier:
curl -X PUT "https://<ManagementNodeIP>/mnode/settings/ssh?enabled=<false/true>" -H "accept: application/json" -H "Authorization: Bearer ${TOKEN}"
You can find the bearer ${TOKEN} used by the API command when you authorize. The bearer ${TOKEN} is in the curl response.
|
-
Access the REST API UI for the management node API service by entering the management node IP address followed by
/mnode/
:https://<ManagementNodeIP>/mnode/
-
Select Authorize and complete the following:
-
Enter the cluster user name and password.
-
Enter the client ID as
mnode-client
. -
Select Authorize to begin a session.
-
Close the window.
-
-
From the REST API UI, select GET /settings/ssh.
-
Select Try it out.
-
Select Execute.
-