Saturday, September 12, 2009

SSH broken if you disable Telnet in ontap 7.3.1

And here’s another bug which we hit last month.

Last month, when I was setting up our new filers, I disabled telnet on the systems along with lots of other tweaking, but later on, when I tried to connect to the system with SSH, it refused. Thinking that I might have turned off some other deep registry feature, I went through the entire registry but couldn’t find anything suspicious.

So I turned on SSH verbose login, tried to re-run SSH setup with different passkey sizes and what not, but no joy. Finally I tried enabling telnet and voilà, it worked. By the time it worked it was around 7 pm, so I called it a day and left the office scratching my head.

Next morning I again started looking around to see if there was something obvious I was missing, but no, I couldn’t find anything even on the NOW site, so I opened a case with NetApp, and even the NetApp guy was not able to understand why the system was behaving like this. Finally, in the late evening, that NetApp chap came to me with BURT # 344484, which was fixed in 7.3.1.1P2.

Now there was a big problem, as I wasn’t quite ready to upgrade my systems to a patched version, so I decided to leave telnet enabled and wait for 7.3.2 to arrive. But since that time I was getting bugged by the IT-security team, because I was trying to get these systems connected to the network so I could start allocating some space and get rid of the low-space warning, but these guys were not allowing me because telnet was enabled on them. Finally, this past week, when I noticed 7.3.2RC1 and 8.0RC1 availability on the NOW site, I got some sigh of relief, as I believe 7.3.2 GA should now be available within a month and I can finally have my systems meeting my organization's security policy; more importantly, I can get rid of the pending space allocation request.

4 comments:

damorg said...

Not sure if this is still an issue for you but short of "options telnet.enable off", you can set:
options telnet.access "host=-"

This prevents telnet logins from all hosts without disabling ssh.

Hopefully that's helpful for folks who need telnet disabled but can't wait or are unable to upgrade to a fixed version of ONTAP.

Lovik said...

Damorg, thanks for your tip; it was just off my radar.

Andrew Miller said...

7.3.2 is GA as of last week just in case you didn't notice. :)

Lovik said...

@Andrew, oh yes, I noticed it over the past weekend and guess what, it looks good :) Hope the ONTAP 8 simulator comes out soon; IMHO an SD Linux build image having multinode installed would be a much better option.

Just to be lazy and save my ** hours configuring them.