SSH from an ESX host into NetApp OnTAP

0 Comments ESX 3.5 Tips, ESXi 3.5 Tips, NetApp

Scott Lowe covered this over two years ago but I thought I’d revisit just in case there is someone out there looking to SSH from their ESX hosts directly into the NetApp OnTAP operating system.

By default, ESX only supports AES encryption, OnTAP requires 3DES encryption. This means we’ll need to make a modification to the SSH configuration on ESX to have it support 3DES.  If your asking why would I want this, sometimes it comes in real handy to run OnTAP commands direct from your ESX command-line.  For example, if you want to see how much space an aggregate has left you can simply type; ssh fas1 df -Ag aggr0 — or if you want to grow the size of your LUN; ssh fas1 lun resize /vol/vol#/qtree/lun# 500g — Anyways, the possibilities are endless.

To modify the ciphers supported by ESX Server, edit the /etc/ssh/ssh_config file and change this line;

Ciphers aes256-cbc,aes128-cbc

Instead, it should look like this;

Ciphers aes256-cbc,aes128-cbc,3des-cbc

This will enable SSH connections from the ESX Server to the SSH daemon running in Data OnTAP. Also make sure you have enabled SSH traffic through the ESX firewall;

esxcfg-firewall -e sshClient

And, of course, you’ll need to configure and enable SSH access on the NetApp storage system itself using the secureadmin command in Data OnTAP;

secureadmin setup ssh<br /> secureadmin enable ssh2

Once SSH is reconfigured on ESX Server and configured/enabled in Data OnTAP, then using SSH to run commands remotely from ESX Server to the NetApp storage system should work without any problems.

One final step would be to enable SSH from your ESX host to OnTAP without being asked for a password.  This is pretty simple,  on your ESX host you would do a keygen of a DSA key, you would then put the public key in the authorized keys file of the root user:

On your ESX host generate your key:

ssh-keygen -t dsa

It will ask you were to save the file(s), the default location is fine.

Then take the contents of the file and put that into the authorized_keys file on your NetApp filer.