Why does CSHM attempt a SSH connection to a cluster switch
Applies to
- ONTAP 9
- Cluster, Storage and MetroCluster IP Switch Health Monitor (CSHM)
Answer
- As part of normal operation, CSHM connects via SSH to the switch to collect the displayed banner information, but CSHM does not actually log in to the switch
- The banner is parsed to obtain RCF file and version information
- The SSH connection function cannot be disabled
- When switch log collection is enabled, public key-based SSH connections are established by CSHM to collect switch meta-data and log information
Additional Information
- Feature Request 1546268 - SSH authentication failures due to RCF banner and version collection in CSHM changes the methodology for obtaining RCF information from switches
- RCF banner is collected when switch log collection is enabled on the ONTAP cluster
- The collection of the RCF version is attempted via SNMP. However, this requires the switch's RCF versions to be compatible with ONTAP versions that include the 1546268 change and to provide RCF information through a "dummy" port-channel.
- For older RCF versions or when no RCF version "dummy" port-channel is configured, the RCF version is obtained from the banner. This is now done when switch log collection is enabled on the ONTAP cluster