#SSH login error


sinful scroll
#

Hi Team,

We have enabled security domain tunnel for vserver

Login into system manager is great

SSH-
When trying to do ssh to NetApp cluster
Error - remote side unexpectedly closed network connection

Checking logs -
Severity error
sshd.loginGraceTime.expired :time out before password authentication for remote host 172.x.x.x
172.x.x.x is my laptop IP

How can we solve this error?

finite nacelle
#

Maybe start ssh with the -vvv argument. It may shed some light.

ssh -vvv admin@cluster

iron estuary
#

The quick check is to look at "security login show" and check the domain user or group is enabled for SSH. Domain login won't work for SP/BMC logins, only cluster admin LIFs.

radiant ermine
#

We also have the same error. The login worked properly, but for a few weeks we have had the issue. Interestingly, some clusters are working and some are not, even though they have the exact same configuration, same subnet and same firewall rules. The case has now been open for 90 days and engineering is looking into it.

sinful scroll
iron estuary
#

That shows it is enabled for ssh?

sinful scroll
sinful scroll
iron estuary
#

Please forgive my obsession with this point, but does it show in “security login show” as being enabled for ssh?

#

For your domain user or group

sinful scroll
#

It shows vserver, AD_group_name, application as SSH, role name as admin, authentication method as domain, account locked as -

#

And as I said, when doing ssh -vvvv I’m getting error as connection closed by cluster at port 22

radiant ermine
iron estuary
#

That's... err, quite a read

dry flower
#

Could be related to the CIFS security options related to AES.

quick aspen
#

Hello, do you have the same issue if you try to perform the ssh using the cluster's IP and not its name? I had a similar issue on SSH connections, due to lack of DNS PTR records for the cluster's DNS name.

sinful scroll
finite nacelle
#

You never posted the attempt with “ssh -vvv user@cluster”.

Right after a failed attempt, have you logged at ONTAP:
event log show?

sinful scroll
#

Today I checked in and I can log in. I made no change in storage.

quick aspen
#

Same behavior as the issue I had. 🤣 Sometimes it worked without my knowing why. It took me some days to try reproducing it, and I had no problem with the IP address, only when using the DNS cluster name. I guess it may be related to the Kerberos protocol or something else with AD authentication, because PTR registration of the cluster's IP resolved the issue for me. It was the first time I saw such behavior on a NetApp cluster. I'm just curious to see what support will find in your case.

quick aspen
#

Hello, did you get a response from support? I'm just curious to know what they found.

sinful scroll
radiant ermine
#

We have found the issue. The ns-switch config was wrong. The order was dns, file instead of file,dns