Qualys vulnerability SSH server public key too small for NetApp FAS and AFF SANs

This is a quick post on how to address the Qualys vulnerability "SSH server public key too small" on NetApp FAS and AFF SANs. It is described in this article.

First, run the following to see the current security configuration:

security config show

Now run the following to enable FIPS, and accept the three prompts:

security config modify -interface SSL -is-fips-enabled true

Run the security config show command again and you will see that you need to reboot both nodes.

The easiest way to do this in a cluster is to log in to the NetApp OnCommand Manager and go to High Availability under the cluster settings. Let's reboot node 2 first by selecting the option under node 1 to take over node 2.

Click Takeover

The process starts

Node 2 goes offline while it is rebooted

Continue to wait. Although it gives the option to give back, do not click this.

Great, looks like all was successful! Node 2 was rebooted and is back online. You can re-home interfaces by going to Network>Interfaces>Send to home

Start the process again, but this time to reboot node 1: select node 2 and click the option to take over node 1.

Again click Takeover

Continue to wait

Node 1 goes offline

Wait until you see the message saying the nodes can take over before treating the process as successful.

Run another security config show to see if the reboot is still needed. If not, everything is complete.
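To confirm the scanner finding is cleared before the next Qualys run, you can measure the RSA host key size yourself from ssh-keyscan output. This is an added example, not part of the original post; the 2048-bit threshold, the host names and the sample keys are assumptions constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed threshold, not stated in the post; set to your policy

def read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string/mpint) from a key blob."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_modulus_bits(b64_blob):
    """Modulus size in bits for an ssh-rsa blob; None for other key types."""
    blob = base64.b64decode(b64_blob)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        return None  # ECDSA/Ed25519 sizes are not comparable to RSA sizes
    _exponent, off = read_field(blob, off)
    modulus, _ = read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def find_small_keys(keyscan_output, min_bits=MIN_RSA_BITS):
    """Return [(host, bits)] for RSA host keys below min_bits."""
    findings = []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue  # skip ssh-keyscan banner comments and blank lines
        bits = rsa_modulus_bits(parts[2])
        if bits is not None and bits < min_bits:
            findings.append((parts[0], bits))
    return findings

def make_rsa_line(host, bits):
    """Build a constructed 'host ssh-rsa <base64>' line (not a real key)."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    # An mpint gets a leading zero byte when its top bit is set.
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"), b"\x00" + n]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample standing in for ssh-keyscan output from two nodes.
SAMPLE = "\n".join([make_rsa_line("node1.example", 1024),
                    make_rsa_line("node2.example", 2048)])

if __name__ == "__main__":
    print(find_small_keys(SAMPLE))
```

For real data, pass in the text produced by `ssh-keyscan -t rsa <cluster-management-address>`, once before enabling FIPS and once after both nodes have rebooted.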
