Problem SSHing to HP ILO SSH-2.0-mpSSH_0.1.0 with 5.8p1
Damien Miller
djm at mindrot.org
Thu May 19 08:24:01 EST 2011
On Wed, 18 May 2011, Espen Fjellv?r Olsen wrote:
> On 18. mai 2011 23:15, Damien Miller wrote:
> > On Wed, 18 May 2011, Espen Fjellv?r Olsen wrote:
> >
> > > Hi everyone,
> > > We are recently seeing a problem with OpenSSH 5.8p1 and SSH to ILO cards
> > > running SSH-2.0-mpSSH_0.1.0.
> > > This has previously worked with OpenSSH 5.5p1 (last known version for us
> > > to
> > > work).
> > >
> > > ssh ilohost -vvv gives the following on 5.8p1:
> > Could you try
> >
> > ssh -vvv -oKexAlgorithms=diffie-hellman-group1-sha1 ilohost?
> >
> > If that doesn't work, try adding "-oServerHostkeyAlgorithms=ssh-rsa"
> >
> Aha,
> Heres something;
> -oKexAlgorithms=diffie-hellman-group1-sha1 did not work.
> -oServerHostkeyAlgorithms=ssh-rsa wasnt recognized as an option, but
> -oHostKeyAlgorithms=ssh-rsa on the other hand, did infact work!
ok, so HP's ILO SSH implementation is junk. Harmlessly ignoring unsupported
algorithms is the very point of the initial SSH negotiation, so that the
HP code gets this really basic thing wrong is hugely worrying - if they
can't get the simple stuff right, what else have they botched?
Anyway, adding
Host ilo1 ilo2 omfgilo ...
KexAlgorithms diffie-hellman-group1-sha1
HostkeyAlgorithms ssh-rsa
to your ~/.ssh/config (replaceing the host names) should let you connect.
Could you please file a bug with HP? I'd love to hear what they say.
-d
More information about the openssh-unix-dev
mailing list