Problem SSHing to HP ILO SSH-2.0-mpSSH_0.1.0 with 5.8p1

Espen Fjellvær Olsen efo at
Sat May 21 02:08:05 EST 2011

On 19. mai 2011 00:24, Damien Miller wrote:
> On Wed, 18 May 2011, Espen Fjellv?r Olsen wrote:
>> On 18. mai 2011 23:15, Damien Miller wrote:
>>> On Wed, 18 May 2011, Espen Fjellv?r Olsen wrote:
>>>> Hi everyone,
>>>> We are recently seeing a problem with OpenSSH 5.8p1 and SSH to ILO cards
>>>> running SSH-2.0-mpSSH_0.1.0.
>>>> This has previously worked with OpenSSH 5.5p1 (last known version for us
>>>> to
>>>> work).
>>>> ssh ilohost -vvv gives the following on 5.8p1:
>>> Could you try
>>> ssh -vvv -oKexAlgorithms=diffie-hellman-group1-sha1 ilohost?
>>> If that doesn't work, try adding "-oServerHostkeyAlgorithms=ssh-rsa"
>> Aha,
>> Heres something;
>> -oKexAlgorithms=diffie-hellman-group1-sha1 did not work.
>> -oServerHostkeyAlgorithms=ssh-rsa wasnt recognized as an option, but
>> -oHostKeyAlgorithms=ssh-rsa on the other hand, did infact work!
> ok, so HP's ILO SSH implementation is junk. Harmlessly ignoring unsupported
> algorithms is the very point of the initial SSH negotiation, so that the
> HP code gets this really basic thing wrong is hugely worrying - if they
> can't get the simple stuff right, what else have they botched?
> Anyway, adding
> Host ilo1 ilo2 omfgilo ...
> 	KexAlgorithms diffie-hellman-group1-sha1
> 	HostkeyAlgorithms ssh-rsa
> to your ~/.ssh/config (replaceing the host names) should let you connect.
> Could you please file a bug with HP? I'd love to hear what they say.
This did the trick, yes.
Thank you Damien.

I am still awaiting to file a bug with HP. Need some of the hardware 
people to give me access to our service agreement details over at HP, or 
file a bug them selves :)
Will reply back when i get an answer from HP (Altough I am sure they 
will tell us to upgrade last years servers to this years servers which 
comes with ILO3 and not this problem).

Espen Fjellvær Olsen
Basefarm AS

More information about the openssh-unix-dev mailing list