Problem SSHing to HP ILO SSH-2.0-mpSSH_0.1.0 with 5.8p1

[Espen Fjellvær Olsen]

On 19. mai 2011 00:24, Damien Miller wrote:
> On Wed, 18 May 2011, Espen Fjellv?r Olsen wrote:
>
>> On 18. mai 2011 23:15, Damien Miller wrote:
>>> On Wed, 18 May 2011, Espen Fjellv?r Olsen wrote:
>>>
>>>> Hi everyone,
>>>> We are recently seeing a problem with OpenSSH 5.8p1 and SSH to ILO cards
>>>> running SSH-2.0-mpSSH_0.1.0.
>>>> This has previously worked with OpenSSH 5.5p1 (last known version for us
>>>> to
>>>> work).
>>>>
>>>> ssh ilohost -vvv gives the following on 5.8p1:
>>> Could you try
>>>
>>> ssh -vvv -oKexAlgorithms=diffie-hellman-group1-sha1 ilohost?
>>>
>>> If that doesn't work, try adding "-oServerHostkeyAlgorithms=ssh-rsa"
>>>
>> Aha,
>> Heres something;
>> -oKexAlgorithms=diffie-hellman-group1-sha1 did not work.
>> -oServerHostkeyAlgorithms=ssh-rsa wasnt recognized as an option, but
>> -oHostKeyAlgorithms=ssh-rsa on the other hand, did infact work!
> ok, so HP's ILO SSH implementation is junk. Harmlessly ignoring unsupported
> algorithms is the very point of the initial SSH negotiation, so that the
> HP code gets this really basic thing wrong is hugely worrying - if they
> can't get the simple stuff right, what else have they botched?
>
> Anyway, adding
>
> Host ilo1 ilo2 omfgilo ...
> 	KexAlgorithms diffie-hellman-group1-sha1
> 	HostkeyAlgorithms ssh-rsa
>
> to your ~/.ssh/config (replaceing the host names) should let you connect.
>
> Could you please file a bug with HP? I'd love to hear what they say.
>
This did the trick, yes.
Thank you Damien.

I am still awaiting to file a bug with HP. Need some of the hardware 
people to give me access to our service agreement details over at HP, or 
file a bug them selves :)
Will reply back when i get an answer from HP (Altough I am sure they 
will tell us to upgrade last years servers to this years servers which 
comes with ILO3 and not this problem).

--
Br
Espen Fjellvær Olsen
Basefarm AS