跳转到主内容
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.

NetApp KCS Award

启用 FIPS 后,使用公有密钥身份验证的 SSH 会意外提示输入密码

Views:
15
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
encryption
Last Updated:

适用场景

  • ONTAP 9.3 及更高版本
  • 联邦信息处理标准( FIPS )
  • 公共密钥身份验证

问题描述

  • 使用公共密钥身份验证的帐户出现意外的密码提示。
  • 最近启用了 FIPS 。

在 Linux-client 端的 ssh -vvv 输出中看到的日志:

[root@... ~]# ssh -vvv user@x.x.x.x
...
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/user
debug3: sign_and_send_pubkey: RSA SHA256:<key>
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51                    ---Packet type 51 indicates SSH user authentication failure   

登录 /mroot/etc/log/messages.log :

[daemon_xinetd:info:6650] START: ssh pid=97704 from=::ffff:<client_ip> vsid=-1 role=0x20
[auth_sshd:info:97704] mm_answer_pwnamallow: Got passwd creds user (username), homedir (/var/home/username), uid (1008) from FILES
[auth_sshd:error:97704] error: get_socket_address: getnameinfo 4 failed: hostname nor servname provided, or not known
[auth_sshd:info:97704] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
[auth_sshd:info:97704] Connection closed by <client_ip> port ##### [preauth]
[daemon_xinetd:info:6650] EXIT: ssh status=255 pid=97704 duration=28(sec)

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support