How do I turn on SSH public key authentication for the fsxadmin user on my FSx for ONTAP file system?


I want to use SSH public key authentication instead of password authentication for the fsxadmin user on my Amazon FSx for NetApp ONTAP file system.

Resolution

Prerequisites

1.    You must have an SSH key pair. To create a new key pair on a Linux-based system, run the ssh-keygen command.

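Note: When prompted, you can choose to leave the passphrase blank. A blank passphrase stores the private key unencrypted on disk, so anyone who can read the myfsxkey file can authenticate as fsxadmin after the public key is registered.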

# ssh-keygen -t rsa -f myfsxkey

Example output:

ssh-keygen -t rsa -f myfsxkey
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in myfsxkey.
Your public key has been saved in myfsxkey.pub.

To get the public key value, run this command to print the contents of the .pub file:

# cat myfsxkey.pub
ssh-rsa xxx+xxx/xxx/Test

2.    The fsxadmin user must be able to log in with a password.

Turn on SSH public key authentication

1.    To use the fsxadmin password to connect to the file system's management endpoint through SSH, run this command:

# ssh fsxadmin@xxx.xxx.xxx.xxx

Example output:

$ ssh fsxadmin@xxx.xxx.xxx.xxx
Password:

Last login time: 01/01/2023 00:00:00
::>

2.    To verify that a public key is configured, run this command. This example shows that a public key isn't configured.

::> security login publickey show -username fsxadmin
There are no entries matching your query.

3.    To create a new public key, run this command. The publickey value is taken from the public key created in step 1 of the prerequisites.

::> security login publickey create -username fsxadmin -index 1 -publickey "ssh-rsa xxx+xxx/xxx/Test"

4.    To verify that the key association is created, run this command:

::> security login publickey show -username fsxadmin
Vserver: FsxId0xxxTest
UserName: fsxadmin         Index: 1
Public Key:
ssh-rsa xxx+xxx/xxx/Test
Fingerprint:
SHA256:xxx/xxx/xxx
Bubblebabble fingerprint:
xxx-xxx-xxx
Comment:
-

5.    To confirm access to the NetApp CLI using the key pair, run this command:

# ssh -i myfsxkey fsxadmin@xxx.xxx.xxx.xxx

Note: Instead of the previous commands, you can use the security login publickey load-from-uri command to load one or more public keys from a Uniform Resource Identifier (URI). For more information, see security login publickey load-from-uri on docs.netapp.com.
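
The fingerprint comparison behind step 4, as an added example that is not part of the original article: it computes the OpenSSH-style SHA256 fingerprint of the local public key and compares it with the Fingerprint field of the security login publickey show output. The function names and the constructed (unusable) ssh-rsa line are this example's own, and it assumes that ONTAP prints the fingerprint in the same SHA256 format that ssh-keygen -l uses.

```python
import base64
import hashlib


def fingerprint(pub_line):
    """SHA256 fingerprint of one OpenSSH public key line ('<type> <base64> [comment]')."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or altered while it was being copied.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def ontap_fingerprint(show_output):
    """Return the line that follows 'Fingerprint:' in the publickey show output."""
    lines = [ln.strip() for ln in show_output.splitlines()]
    for i, ln in enumerate(lines[:-1]):
        if ln == "Fingerprint:":  # exact match skips 'Bubblebabble fingerprint:'
            return lines[i + 1]
    raise ValueError("no Fingerprint: field found")


def key_matches(pub_line, show_output):
    return fingerprint(pub_line) == ontap_fingerprint(show_output)


def constructed_rsa_line(modulus):
    """Build a well-formed ssh-rsa line from made-up numbers (not a usable key)."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " Test"


# Constructed sample data standing in for myfsxkey.pub and the step 4 output.
LOCAL_KEY = constructed_rsa_line(b"\xc3" * 256)
SHOW_OUTPUT = (
    "Vserver: FsxId0xxxTest\nUserName: fsxadmin         Index: 1\nPublic Key:\n"
    f"{LOCAL_KEY}\nFingerprint:\n{fingerprint(LOCAL_KEY)}\n"
    "Bubblebabble fingerprint:\nxxx-xxx-xxx\n"
)

if __name__ == "__main__":
    print(fingerprint(LOCAL_KEY), key_matches(LOCAL_KEY, SHOW_OUTPUT))
```

With real data, pass the contents of myfsxkey.pub and the pasted output of step 4; a False result means the key stored for fsxadmin is not the one you generated.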

AWS OFFICIAL - Updated 7 months ago