NetApp Qualys vulnerability SSH Server Public Key Too Small

Problem:

Your Qualys vulnerability scanner reports an issue with the NetApp ONTAP SSH key size, with the finding: SSH Server Public Key Too Small.

Solution:

Fortunately the solution is pretty simple and is only a few lines of code in the CLI:

First, log in to the CLI using your cluster IP and enter:

set diag

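Then enter the three commands below, replacing <name of node> with your node name. The first generates a 4096-bit RSA host key; the other two rename the DSA host key and its public key so they are moved out of place: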

systemshell -node <name of node> -command "sudo ssh-keygen -b 4096 -t rsa -f /var/etc/ssh/ssh_host_rsa_key"

systemshell -node <name of node> -command "sudo mv /var/etc/ssh/ssh_host_dsa_key /var/etc/ssh/ssh_host_dsa_key.old"

systemshell -node <name of node> -command "sudo mv /var/etc/ssh/ssh_host_dsa_key.pub /var/etc/ssh/ssh_host_dsa_key_pub.old"

The SSH key is now updated and should pass the Qualys scan.
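
To confirm the key size the cluster now offers before the next scan runs, the check below can be run from an admin workstation with the OpenSSH client tools. It is an added example, not part of the original post or NetApp's tooling; the 2048-bit minimum is an assumed threshold, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify SSH host key sizes after regenerating the key.
# MIN_RSA_BITS is an assumed threshold, not a value taken from the page.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"

# Reads "ssh-keygen -l" fingerprint lines on stdin, in the form
#   <bits> <fingerprint> <comment> (<TYPE>)
# Prints "<verdict> <type> <bits>" per key and returns 1 if any key is
# DSA or an RSA key shorter than MIN_RSA_BITS.
check_hostkeys() {
    awk -v min="$MIN_RSA_BITS" '
        BEGIN { bad = 0 }
        /^[0-9]+ / {
            bits = $1
            type = $NF
            gsub(/[()]/, "", type)
            verdict = "OK"
            if (type == "DSA" || (type == "RSA" && bits + 0 < min + 0)) {
                verdict = "FAIL"
                bad = 1
            }
            printf "%s %s %s\n", verdict, type, bits
        }
        END { exit bad }
    '
}

# Fetch the RSA host key a host currently offers and check its size.
scan_host() {
    ssh-keyscan -t rsa "$1" 2>/dev/null | ssh-keygen -lf - | check_hostkeys
}

# Usage: sh check_hostkeys.sh <cluster IP>
if [ "$#" -gt 0 ]; then
    scan_host "$1"
fi
```

A regenerated key should show as `OK RSA 4096`. The same function accepts the output of `ssh-keygen -lf` on any public key file, so a leftover DSA key is flagged as well.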
