Security SSH endpoint overview
Overview
ONTAP supports an SSH server that can be accessed from any standard SSH client. A user account needs to be associated with SSH as the application (refer to the documentation for /api/security/accounts). Upon connecting from a client, the user is authenticated and a command line shell is presented.
This endpoint is used to retrieve or modify the SSH configuration at the cluster level. The configuration consists of SSH security parameters (security algorithms and maximum authentication retry attempts allowed before closing the connection) and SSH connection limits.
The security algorithms include SSH key exchange algorithms, ciphers for payload encryption, and MAC algorithms. This configuration is the default for all newly created SVMs; existing SVM configurations are not impacted. The SSH connection limits include maximum connections per second, maximum simultaneous sessions from the same client host, and overall maximum SSH connections at any given point in time. The connection limits are per node and will be the same for all nodes in the cluster.
Examples
Updating the SSH security parameters
Specify the algorithms in the body of the PATCH request.
# The API:
PATCH "/api/security/ssh"

# The call:
curl -X PATCH "https://<mgmt-ip>/api/security/ssh" -d '{ "ciphers": [ "aes256_ctr", "aes192_ctr" ], "key_exchange_algorithms": [ "diffie_hellman_group_exchange_sha256", "diffie_hellman_group14_sha1" ], "mac_algorithms": [ "hmac_sha2_512_etm", "umac_128_etm" ], "max_authentication_retry_count": 3 }'
Updating the SSH connection limits
Specify the connection limits in the body of the PATCH request.
# The API:
PATCH "/api/security/ssh"

# The call:
curl -X PATCH "https://<mgmt-ip>/api/security/ssh" -d '{ "connections_per_second": 8, "max_instances": 10, "per_source_limit": 5 }'
Retrieving the cluster SSH server configuration
# The API:
GET "/api/security/ssh"

# The call:
curl -X GET "https://<mgmt-ip>/api/security/ssh"

# The response:
{
  "ciphers": [
    "aes256_ctr",
    "aes192_ctr"
  ],
  "key_exchange_algorithms": [
    "diffie_hellman_group_exchange_sha256",
    "diffie_hellman_group14_sha1"
  ],
  "mac_algorithms": [
    "hmac_sha2_512_etm",
    "umac_128_etm"
  ],
  "max_authentication_retry_count": 3,
  "connections_per_second": 8,
  "max_instances": 10,
  "per_source_limit": 5,
  "_links": {
    "self": {
      "href": "/api/security/ssh"
    }
  }
}
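The retrieved configuration can be checked against a hardening baseline before a PATCH is sent. The following is an added example, not NetApp code: it audits the response shown above and builds a candidate PATCH body in the shape of the update example. The disallowed name fragments, the retry ceiling, the function names, and the assumption that PATCH replaces each algorithm list as a whole are all assumptions of this example.

```python
import json

# Response body as shown in the retrieval example on this page.
SAMPLE_RESPONSE = json.loads("""
{ "ciphers": ["aes256_ctr", "aes192_ctr"],
  "key_exchange_algorithms": ["diffie_hellman_group_exchange_sha256",
                              "diffie_hellman_group14_sha1"],
  "mac_algorithms": ["hmac_sha2_512_etm", "umac_128_etm"],
  "max_authentication_retry_count": 3,
  "connections_per_second": 8, "max_instances": 10, "per_source_limit": 5,
  "_links": {"self": {"href": "/api/security/ssh"}} }
""")

# Assumed local policy (not from NetApp): name fragments the baseline
# rejects, and the highest retry count it tolerates.
DISALLOWED_FRAGMENTS = ("sha1", "md5", "_cbc", "3des")
MAX_RETRIES = 3
ALGORITHM_FIELDS = ("ciphers", "key_exchange_algorithms", "mac_algorithms")


def is_disallowed(name):
    """True if the algorithm name contains a fragment the policy rejects."""
    return any(fragment in name for fragment in DISALLOWED_FRAGMENTS)


def audit_ssh_config(config):
    """Return (findings, patch_body) for a GET /api/security/ssh response."""
    findings, patch = [], {}
    for field in ALGORITHM_FIELDS:
        current = config.get(field, [])
        bad = [a for a in current if is_disallowed(a)]
        if not bad:
            continue
        findings.append(f"{field}: disallowed by policy: {bad}")
        kept = [a for a in current if not is_disallowed(a)]
        if kept:
            patch[field] = kept  # assumes PATCH replaces the whole list
        else:
            # Never propose an empty list; that needs a human decision.
            findings.append(f"{field}: nothing compliant left, fix manually")
    retries = config.get("max_authentication_retry_count")
    if retries is not None and retries > MAX_RETRIES:
        findings.append(f"max_authentication_retry_count: {retries} > {MAX_RETRIES}")
        patch["max_authentication_retry_count"] = MAX_RETRIES
    return findings, patch


if __name__ == "__main__":
    print(*audit_ssh_config(SAMPLE_RESPONSE), sep="\n")
```

Under this policy the sample response yields one finding, for diffie_hellman_group14_sha1, and a PATCH body that keeps only diffie_hellman_group_exchange_sha256 in key_exchange_algorithms.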