SSH login security

Contributors

Starting with ONTAP 9.5, you can view information about previous logins, unsuccessful attempts to log in, and changes to your privileges since your last successful login.

Security-related information is displayed when you successfully log in as an SSH admin user. You are alerted about the following conditions:

  • The last time your account name was logged in.

  • The number of unsuccessful login attempts since the last successful login.

  • Whether the role has changed since the last login (for example, if the admin account’s role changed from "admin" to "backup.")

  • Whether the add, modify, or delete capabilities of the role were modified since the last login.

Note

If any of the information displayed is suspicious, you should immediately contact your security department.

To obtain this information when you login, the following prerequisites must be met:

  • Your SSH user account must be provisioned in ONTAP.

  • Your SSH security login must be created.

  • Your login attempt must be successful.

Restrictions and other considerations for SSH login security

The following restrictions and considerations apply to SSH login security information:

  • The information is available only for SSH-based logins.

  • For group-based admin accounts, such as LDAP/NIS and AD accounts, users can view the SSH login information if the group of which they are a member is provisioned as an admin account in ONTAP.

    However, alerts about changes to the role of the user account cannot be displayed for these users. Also, users belonging to an AD group that has been provisioned as an admin account in ONTAP cannot view the count of unsuccessful login attempts that occurred since the last time they logged in.

  • The information maintained for a user is deleted when the user account is deleted from ONTAP.

  • The information is not displayed for connections to applications other than SSH.

Examples of SSH login security information

The following examples demonstrate the type of information displayed after you login.

  • This message is displayed after each successful login:

    Last Login : 7/19/2018 06:11:32
  • These messages are displayed if there have been unsuccessful attempts to login since the last successful login:

    Last Login : 4/12/2018 08:21:26
    Unsuccessful login attempts since last login – 5
  • These messages are displayed if there have been unsuccessful attempts to login and your privileges were modified since the last successful login:

    Last Login : 8/22/2018 20:08:21
    Unsuccessful login attempts since last login – 3
    Your privileges have changed since last login