
Allowing only secure access to the storage system

If you want to allow only secure access to your storage system, enable secure protocols and disable nonsecure protocols. You should also set password rule options to enhance password security.

About this task

On storage systems shipped with Data ONTAP 8.0 or later, secure protocols (including SSH, SSL, and HTTPS) are enabled and nonsecure protocols (including RSH, Telnet, FTP, and HTTP) are disabled by default.

Steps

  1. Use the secureadmin commands to set up and enable the secure protocols, SSH and SSL.

    If you want to enable FTPS and SFTP, see the Data ONTAP File Access and Protocols Management Guide for 7-Mode.

    After you have set up SecureAdmin to enable SSH and SSL, the following options are set to on:

    • options ssh.enable
    • options ssh2.enable (if you enabled SSHv2 during SecureAdmin setup)
    • options ssh.passwd_auth.enable
    • options ssh.pubkey_auth.enable
    • options httpd.admin.ssl.enable

  2. Disable nonsecure protocols.
    To disable the following access to the storage system…    Enter the following at the storage system prompt…
    ------------------------------------------------------    --------------------------------------------------
    RSH                                                       options rsh.enable off
    Telnet                                                    options telnet.enable off
    FTP                                                       options ftpd.enable off
    HTTP                                                      options httpd.enable off
                                                              Note: This option controls HTTP access to the storage system.
    SSHv1                                                     options ssh1.enable off
                                                              Note: Ensure that the ssh.enable option and the ssh2.enable option are set to on.
  3. Ensure that the following password options are set:
    • options security.passwd.rules.everyone on

      This option ensures that password composition is checked for all users, including root and Administrator.

    • options security.passwd.rules.history 6

      This option prevents users from reusing any of the six previously used passwords.
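
As an added example (not part of the NetApp documentation), the following Python script checks a saved capture of the `options` command output against the values set in steps 1 through 3. The capture layout (option name, value, optional trailing annotation on each line) and the sample data are assumptions constructed for illustration.

```python
# Expected values, taken from the steps on this page.
BASELINE = {
    "ssh.enable": "on", "ssh2.enable": "on", "httpd.admin.ssl.enable": "on",
    "rsh.enable": "off", "telnet.enable": "off", "ftpd.enable": "off",
    "httpd.enable": "off", "ssh1.enable": "off",
    "security.passwd.rules.everyone": "on",
    "security.passwd.rules.history": "6",
}

# Constructed sample capture. Assumed layout: "<name> <value> [annotation]".
SAMPLE_OUTPUT = """\
ftpd.enable                    off
httpd.admin.ssl.enable         on
httpd.enable                   on
rsh.enable                     off
security.passwd.rules.everyone on
security.passwd.rules.history  0
ssh.enable                     on
ssh1.enable                    off
telnet.enable                  off   (constructed annotation)
"""


def parse_options(text):
    """Return {option: value}; trailing annotations are ignored."""
    parsed = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            parsed[fields[0]] = fields[1].lower()
    return parsed


def audit(text, baseline=BASELINE):
    """Return sorted (option, expected, actual) tuples for each deviation."""
    actual = parse_options(text)
    # An option absent from the capture is reported with actual=None, so a
    # truncated capture cannot pass as compliant.
    return sorted(
        (name, want, actual.get(name))
        for name, want in baseline.items()
        if actual.get(name) != want
    )


if __name__ == "__main__":
    for name, want, got in audit(SAMPLE_OUTPUT):
        print(f"DEVIATION {name}: expected {want}, found {got or 'missing'}")
```

The sample capture deliberately leaves HTTP enabled, sets the password history to 0, and omits `ssh2.enable`, so all three are reported as deviations.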