Windows
This is a must-do task if you want to securely script the NetApp or N-Series filers in any way. I never use RSH and don’t recommend using it either. Creating pre-shared keys is straightforward, and should be a one-time operation anyway, so it doesn’t add much hassle but adds plenty of peace of mind. This is vital if you want to use any of the scripts I have listed in my blog pages.
Required software:
· putty
· plink
· puttygen
(I have no affiliation with the above, other software will work and do the job, but I find the above easiest and that’s what this page is written about.)
1) Enable SSH on the filer and generate the default keys (either the command line or FilerView works equally well)
2) Run puttygen and set the following settings
a. Parameters: SSH-2 RSA
b. Number of bits in generated key: 1024
3) Click Generate and do some disco moves with the mouse
4) Copy the contents of the “Public key for pasting into OpenSSH authorized_keys file” box to the clipboard.
5) Click “Save public key” and save the file as “id_rsa.pub”
6) Click “Save private key” and save the file as “id_rsa.ppk”
7) Open up the filer’s c$ or etc$ share and create the folder structure “/etc/sshd/root/.ssh”. Use the Windows command line to create “.ssh”, as you won’t be able to from Windows Explorer. You may need to create the folder locally, then copy it across.
8) Create a text file “authorized_keys” (American spelling) and paste the previously copied contents into this file. Best use Wordpad as Notepad can mess with the line breaks. If this file already exists, make sure to only append the new contents to this file or you’ll remove any already configured pre-shared keys.
9) The very first time you open an SSH session, you will always be asked to save the fingerprint; this is expected. After this has been saved, you shouldn’t be prompted for anything.
10) Test with plink:
a. plink.exe root@filer_name -i "id_rsa.ppk" df -h
b. Should output “df -h” from the filer, any command can be used obviously
11) Test with putty:
a. Session:
i. Hostname: IP / hostname
ii. Protocol: SSH
b. Connection – Data:
i. Auto-login username: root
c. Connection – SSH:
i. Preferred SSH Protocol Version: v2 only
d. Connection – SSH – Auth:
i. Browse to the “id_rsa.ppk” file we created earlier
e. Save this session and test
As an additional note, filer commands can be daisy chained together to reduce the number of SSH connections made in your scripts. So you could do something like…
plink.exe root@filer -i "id_rsa.ppk" "snap list; snap create vol0 snap1; snap create vol0 snap2; snap delete vol0 snap3"
Most of the above is from memory, so let me know if anything doesn’t work or is incorrect and I’ll update it.
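Step 8 needs the one-line OpenSSH text copied in step 4; the file written by “Save public key” in step 5 is a multi-line “---- BEGIN SSH2 PUBLIC KEY ----” block (RFC 4716) and is a different format. The following is an added example, not part of the original post, that checks authorized_keys content and rewrites any pasted SSH2 block as a single OpenSSH line. The function names and the sample key are constructed for illustration, and it assumes entries carry no options prefix and headers are not continued across lines.

```python
import base64

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"
# Constructed sample in the "Save public key" layout (toy modulus, not a usable key).
SAMPLE = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-constructed"
AAAAB3NzaC1yc2EAAAAB
JQAAAAMBAAE=
---- END SSH2 PUBLIC KEY ----"""

def blob_type(blob):
    """Algorithm name held in the blob's first length-prefixed string."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or len(blob) < 4 + n:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def rfc4716_to_openssh(block):
    """Join the lines found between the markers into one OpenSSH-style line."""
    comment, b64 = "", []
    for line in block:
        tag, sep, value = line.partition(":")
        if not sep:                      # no ':' means a base64 body line
            b64.append(line)
        elif tag.strip().lower() == "comment":
            comment = value.strip().strip('"')
    blob = base64.b64decode("".join(b64), validate=True)
    fields = [blob_type(blob), base64.b64encode(blob).decode(), comment]
    return " ".join(f for f in fields if f)

def normalize_authorized_keys(text):
    """Return the file content with every key on a single line."""
    out, block = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == BEGIN:
            block = []
        elif line == END and block is not None:
            out.append(rfc4716_to_openssh(block))
            block = None
        elif block is not None:
            block.append(line)
        elif line and not line.startswith("#"):
            kind, b64 = line.split()[:2]     # assumes no options prefix
            if blob_type(base64.b64decode(b64, validate=True)) != kind:
                raise ValueError("key type does not match blob: " + kind)
            out.append(line)
    if block is not None:
        raise ValueError("unterminated SSH2 public key block")
    return "\n".join(out) + "\n"
```

A `ValueError` means the content has a wrapped, truncated or mislabelled key; content that is already one key per line comes back unchanged.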

cool post… thanks, I was looking for this
Great post
Only thing I can see which is wrong is that DSA keys are required, not RSA.
I always get the 2 mixed up anyway! However for NetApp systems, I think you can actually use either DSA or RSA. The sysadmin guide simply states to create and configure both DSA and RSA!
http://now.netapp.com/NOW/knowledge/docs/ontap/rel732_vs/html/ontap/sysadmin/GUID-04AF6BD1-519E-4BB7-B00E-4804E813C9AB.html
Hi Chris, still getting asked for a password when using plink. I am using an AD account and once I enter the password the command runs but the idea here is not to need entry of a password.
I am getting server refused our key so I presume I have done something wrong
Can you step through the process you’ve done so far?
@Chris Kranz
Hi Chris
I have stepped through exactly as you have written however I get from opening the PuTTY session
Using username “root”.
Server refused our key
root@w.x.y.z’s password:
@Chris Kranz
Sorry – pressed the enter button before I finished.
plink gives the following
C:\Program Files (x86)\PuTTY>plink root@w.x.y.z -i “c:\keys\id_rsa.ppk” df -g
Server refused our key
root@10.102.246.72‘s password:
rdfile /etc/sshd/root/.ssh/authorized_keys
—- BEGIN SSH2 PUBLIC KEY —-
Comment: “rsa-key-20130214″
AAAAB3NzaC1yc2EAAAABJQAAAIB9s20VdD9D7i4w2wU2UXnJZinrF01dLBaL6Rwg
8f4ZyOxCZvc8Am6yAroX7hxaHIVBQe6k8WSX4B1bWL3g77OoRoIhNqtnLAPyqr4B
1swB8Kno9T/2ehrs1vaCTpmlFTBm2cSxn4XZgvNqEqOvLwF2LLYal07vEihUC1rG
t6CbIQ==
—- END SSH2 PUBLIC KEY —-
toaster>
Is there any way you can set the permissions of the .ssh directory and authorized_keys file as that is what is required in a UNIX system e.g. chmod 600
There are other posts that describe a potential fix but I have worked through these without success. e.g.
http://www.walkernews.net/2009/03/22/how-to-fix-server-refused-our-key-error-that-caused-by-putty-generated-rsa-public-key/