ONTAP 9.12.1 commands

  • security ssh show

    Display SSH configuration options

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The `security ssh show` command displays the configurations of the SSH key exchange algorithms, ciphers, MAC algorithms and maximum authentication retry count for the cluster and Vservers. The SSH protocol uses a Diffie-Hellman based key exchange method to establish a shared secret key during the SSH negotiation phase. The key exchange method specifies how one-time session keys are generated for encryption and authentication and how the server authentication takes place.

    Data ONTAP supports the `diffie-hellman-group-exchange-sha256` key exchange algorithm for SHA-2. Data ONTAP also supports the `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group14-sha1`, and `diffie-hellman-group1-sha1` key exchange algorithms for SHA-1. Data ONTAP also supports `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, and `curve25519-sha256`.

    Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: `aes256-ctr`, `aes192-ctr`, `aes128-ctr`, `aes256-cbc`, `aes192-cbc`, `aes128-cbc`, `aes128-gcm`, `aes256-gcm` and `3des-cbc`.

    Data ONTAP supports MAC algorithms of the following types: `hmac-sha1`, `hmac-sha1-96`, `hmac-md5`, `hmac-md5-96`, `umac-64`, `umac-128`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-sha1-etm`, `hmac-sha1-96-etm`, `hmac-sha2-256-etm`, `hmac-sha2-512-etm`, `hmac-md5-etm`, `hmac-md5-96-etm`, `umac-64-etm`, `umac-128-etm`.

    Parameters

    { [-fields <fieldname>,…]

    If you specify the -fields <fieldname>,… parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-vserver <Vserver Name>] - Vserver

    Identifies the Vserver for which you want to display the SSH key exchange algorithm, cipher, and MAC algorithm configurations.

    [-key-exchange-algorithms <algorithm name>,…] - Key Exchange Algorithms

    Displays the Vserver or Vservers that have the specified key exchange algorithms enabled.

    [-ciphers <cipher name>,…] - Ciphers

    Displays the Vserver or Vservers that have the specified ciphers enabled.

    [-mac-algorithms <MAC name>,…] - MAC Algorithms

    Displays the Vserver or Vservers that have the specified MAC algorithm or algorithms.

    [-max-authentication-retry-count <integer>] - Max Authentication Retry Count

    Displays Vservers with a matching maximum authentication retry count value.

    Examples

    The following command displays the enabled SSH key exchange algorithms, ciphers, MAC algorithms and maximum authentication retry count for the cluster and all Vservers. The cluster settings are used as the default for all newly created Vservers:

    cluster-1::> security ssh show
                               Key Exchange  MAC              Max Authentication
    Vserver        Ciphers     Algorithms    Algorithms              Retry Count
    -------------- ----------  ------------  --------------   ------------------
    cluster-1      3des-cbc    diffie-       hmac-sha1                         4
                               hellman-
                               group-
                               exchange-
                               sha256
    vs1            aes256-     diffie-       hmac-sha1,                        6
                   ctr,        hellman-      hmac-sha1-96,
                   aes192-     group-        hmac-sha2-256,
                   ctr,        exchange-     hmac-sha2-512,
                   aes128-     sha256,       hmac-sha1-etm,
                   ctr,        diffie-       hmac-sha1-96-
                   aes256-     hellman-      etm,
                   cbc,        group-        hmac-sha2-256-
                   aes192-     exchange-     etm,
                   cbc,        sha1,         hmac-sha2-512-
                   aes128-     diffie-       etm, hmac-md5,
                   cbc,        hellman-      hmac-md5-96,
                   3des-cbc,   group14-      umac-64,
                   aes128-     sha1,         umac-128,
                   gcm,        ecdh-sha2-    hmac-md5-etm,
                   aes256-gcm  nistp256,     hmac-md5-96-
                               ecdh-sha2-    etm,
                               nistp384,     umac-64-etm,
                               ecdh-sha2-    umac-128-etm
                               nistp521,
                               curve25519-
                               sha256
    2 entries were displayed.
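
The table above wraps each algorithm name across several rows, which makes the output awkward to audit by eye or with grep. The following Python sketch is an added example, not part of the ONTAP documentation or NetApp code: it rebuilds the per-Vserver lists from captured `security ssh show` output and flags legacy algorithms. The `WEAK` patterns are an assumed audit policy, the sample text is constructed, and Vserver names are assumed to fit in the first column without wrapping.

```python
import re

# Constructed sample in the layout of the example above (not real cluster output).
SAMPLE = """\
                           Key Exchange  MAC              Max Authentication
Vserver        Ciphers     Algorithms    Algorithms              Retry Count
-------------- ----------  ------------  --------------   ------------------
cluster-1      3des-cbc    diffie-       hmac-sha1                         4
                           hellman-
                           group-
                           exchange-
                           sha256
vs1            aes256-     curve25519-   hmac-sha2-256,                    6
               ctr,        sha256,       hmac-sha2-512-
               aes128-     diffie-       etm, hmac-md5
               cbc         hellman-
                           group14-
                           sha1
2 entries were displayed.
"""

# Assumed audit policy (not an ONTAP default): legacy algorithms to flag.
WEAK = {"ciphers": r"3des|-cbc$", "kex": r"-sha1$", "macs": r"md5|sha1|umac-64"}

def parse_ssh_show(text):
    """Rebuild per-Vserver algorithm lists from the wrapped fixed-width table."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines) if set(l) == {"-", " "})
    starts = [m.start() for m in re.finditer(r"-+", lines[sep])]  # column offsets
    ends = starts[1:] + [None]
    rows, cur = {}, None
    for line in lines[sep + 1:]:
        if re.match(r"\s*\d+ entr", line):  # "N entries were displayed." footer
            break
        cells = [line[s:e].strip() for s, e in zip(starts, ends)]
        if cells[0]:  # a non-empty Vserver cell starts a new record
            cur = rows[cells[0]] = {"ciphers": "", "kex": "", "macs": "",
                                    "retries": int(cells[4])}
        # Wrapped fragments end in "-" or ",", so concatenation restores the names.
        for key, frag in zip(("ciphers", "kex", "macs"), cells[1:4]):
            if cur is not None:
                cur[key] += frag
    for rec in rows.values():
        for key in ("ciphers", "kex", "macs"):
            rec[key] = [a.strip() for a in rec[key].split(",") if a.strip()]
    return rows

def weak_algorithms(rows):
    """Map each Vserver to the enabled algorithms matched by the WEAK policy."""
    return {v: sorted(a for k, rx in WEAK.items() for a in rec[k] if re.search(rx, a))
            for v, rec in rows.items()}
```

Because the cluster row supplies the defaults for newly created Vservers, anything flagged on that row is worth reviewing first.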