Table of ContentsView in Frames

Controlling the sharing of a console session

A console session can be shared with a Telnet or an SSH-interactive session at the same time, or it can be a distinct user environment, separate from Telnet and SSH-interactive sessions.

About this task

You use the telnet.distinct.enable option to control whether the console session is shared with a Telnet or an SSH-interactive session at the same time or the console session is a distinct user environment separate from Telnet and SSH-interactive sessions. To enhance security, you should ensure that the option is set to on to keep the console session separate from a Telnet or an SSH-interactive session.

The console session is always shared with the remote management device, regardless of the telnet.distinct.enable option setting.

Step

  1. To control the sharing of a console session, enter the following command:
    options telnet.distinct.enable [on|off]

    Setting the option to on enhances security by keeping the console session separate from a Telnet or an SSH-interactive session. On storage systems shipped with Data ONTAP 8.0 or later, the default for this option is on.

    Setting the option to off causes the console session to share with a Telnet or an SSH-interactive session. You cannot set the option to off if a user is currently assigned to the Compliance Administrators group.

    If the telnet.distinct.enable option setting is changed during a Telnet or an SSH-interactive session, the change does not go into effect until the next Telnet or SSH login.

    If you change the option setting after upgrading to Data ONTAP 8.0 or later, the changes are preserved even if the system reverts back to the previous Data ONTAP version.

    Note: You can initiate an SSH-interactive session by opening the session without entering a command. For example, you would enter the following command:

    ssh storage_system -l root:""

    If you enter the following command instead, you would initiate a non-interactive session:

    ssh storage_system -l root:"" command