Release notes
Verify SSH host key algorithm support before ONTAP upgrade
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Before you upgrade ONTAP, if SSL FIPS mode is enabled on a cluster where administrator accounts authenticate with an SSH public key, you must ensure that the host key algorithm is supported on the target ONTAP release.
The following table indicates host key type algorithms that are supported for ONTAP SSH connections. These key types do not apply to configuring SSH public authentication.
ONTAP release |
Key types supported in FIPS mode |
Key types supported in non-FIPS mode |
|---|---|---|
9.11.1 and later |
ecdsa-sha2-nistp256 |
ecdsa-sha2-nistp256 |
9.10.1 and earlier |
ecdsa-sha2-nistp256 |
ecdsa-sha2-nistp256 |
|
Support for the ssh-ed25519 host key algorithm is removed beginning with ONTAP 9.11.1. |
For more information, see Configure network security using FIPS.
Existing SSH public key accounts without the supported key algorithms must be reconfigured with a supported key type before upgrading or administrator authentication will fail.