How do I turn on SSH public key authentication for the fsxadmin user on my FSx for ONTAP file system?

2 minute read

I want to use SSH public key authentication instead of password authentication for the fsxadmin user on my Amazon FSx for NetApp ONTAP file system.



1.    You must have an SSH key pair. To create a new key pair on a Linux-based system, run the ssh-keygen command.

Note: When prompted, you can choose to leave the passphrase blank.

# ssh-keygen -t rsa -f myfsxkey

Example output:

ssh-keygen -t rsa -f myfsxkey
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in myfsxkey.
Your public key has been saved in

To get the key-pair value, run this command to retrieve the contents from the .pub file:

# cat
ssh-rsa xxx+xxx/xxx/Test

2.    The fsxadmin user must be able to log in with a password.

Turn on SSH public key authentication

1.    To use the fsxadmin password to connect to the file system's management endpoint through SSH, run this command:

# ssh -i

Example output:


Last login time: 01/01/2023 00:00:00

2.    To verify that a public key is configured, run this command. This example shows that a public key isn't configured.

::> security login publickey show -username fsxadmin
There are no entries matching your query.

3.    To create a new public key, run this command. The publickey value is taken from the public key created in step 1 of the prerequisites.

::> security login publickey create -username fsxadmin -index 1 -publickey "ssh-rsa xxx+xxx/xxx/Test"

4.    To verify that the key association is created, run this command:

::>  security login publickey show -username fsxadmin
Vserver: FsxId0xxxTest
UserName: fsxadmin         Index: 1
Public Key:
ssh-rsa xxx+xxx/xxx/Test
Bubblebabble fingerprint:

5.    To confirm access to the NetApp CLI using the key pair, run this command:

# ssh -i myfsxkey

Note: Instead of the previous commands, you can use the security login publickey load-from-uri to load one or more public keys from a Universal Resource Identifier (URI). For more information, see security login publickey load-from-uri on

AWS OFFICIALUpdated 8 months ago