04-27-2011 02:50 PM
Infrastructure includes a c7000 Blade chassis & BL460G7 server with iLO3. I'm using the OA ssh interface with hponcfg to apply the mentioned config.
Following the documentation/scripting guide for iLO v3 under the IMPORT_SSH_KEY section, there appears to be a discrepancy between what is written vs. what actually works (the latter of which I can't find).
I also noted that in that section (v 1.05) there are multiple references to iLO 2 and iLO 3 - as though they can be used interchangeably (or someone forgot to search and replace).
The instructions differ from iLO 2 where we didn't need the -----BEGIN SSH KEY ----- lines, so I wrote my XML RIBCL spell around the example given in the book.
The results come back "Invalid SSH key data."
We've tried several different iterations of the ssh key but the only thing that does seem to work is going to the webGUI to import the ssh key - this is not an acceptable option in our case.
The other big difference between iLO 2 and iLO 3 is that with iLO2 we were able to create a user without a password and just use ssh keys. With iLO3, the RIBCL won't accept an XML spell without a password defined. It seems like we're stepping back a bit or HP hasn't updated the documentation to reflect the new way of doing it.
04-27-2011 04:23 PM - edited 04-27-2011 04:35 PM
This gets even more interesting..
The latest iLO 3 scripting guide :
Revised slightly and removed their iLO2 lines.. however, the content is much the same. According to the docs, "At the end of the key, append a space and the name of a valid iLO 3 user name"
My user is foo.
If I follow the docs and put 'foo' at the end of my ssh key (space foo), I get a message back Invalid SSH key data. If I have a key with foo@host at the end, I get a message - There is no user name or the user name appended to SSH key does not exist.
In the web interface, I get exactly the same behavior:
ssh-keygen -t dsa -C foo@host -f /tmp/ilo_console_key <<-- works
ssh-keygen -t dsa -C foo -f /tmp/ilo_console_key <<-- fail
This is great if I was going to use the web interface for all my administration, but the web interface is a timesuck if you are responsible for many hosts.
The plot thickens when you use hponcfg via Linux command line,
Using hponcfg-3.1.0, same key, same XML spell, it accepts the ssh key with the 'foo' user name at the end.
This is very inconsistent behavior and I've opened a ticket with HP support.
07-19-2011 11:53 AM
I too fought with this but I think I finally cracked it. The key (no pun intended) is that each line in the SSH key can be no more than 80 characters long. It may work if the lines are shorter (or even longer) but I made mine exactly 80 chars and that worked so I didn't play with it anymore. I don't know if it's required, but I also put the "ssh-dss" on its own line. Here's my entire script:
<LOGIN USER_LOGIN="admin" PASSWORD="password">
-----BEGIN SSH KEY-----
-----END SSH KEY-----
01-11-2012 07:54 PM
I don't know who you are or if you'll see this, but that worked.
Thank you for taking the time to register and post an answer.
Eric du Toit
07-09-2013 06:36 AM
80 character lines didn't work for me - 68 character lines, the same as the GUI input window for SSH keys, worked though. Thanks for the hint!
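Added example, not part of any post in this thread and not HP's code: a Python helper that builds the key block the replies describe, with the key type on its own line, the key data hard-wrapped to a fixed width (80 and 68 are the two widths reported to work above) and the iLO user name appended, between the BEGIN/END markers. Wrapping the user name together with the key data is an assumption, and the sample key is constructed for the example and is not a usable key.

```python
import base64
import struct

BEGIN, END = "-----BEGIN SSH KEY-----", "-----END SSH KEY-----"


def format_ilo_key(pubkey_line, ilo_user, width=80):
    """Return the key block for IMPORT_SSH_KEY, wrapped to `width` columns."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]

    # Check the key locally before sending it: the blob must be valid base64
    # and must start with a length-prefixed copy of the key type.
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")

    # The ssh-keygen comment (e.g. foo@host) is dropped and replaced by the
    # iLO user name, separated from the key data by one space.
    text = f"{blob_b64} {ilo_user}"
    body = [text[i:i + width] for i in range(0, len(text), width)]
    return "\n".join([BEGIN, key_type, *body, END])


# Constructed sample input: a blob with a valid "ssh-dss" header followed by
# filler bytes. It has the right shape for the checks but is not a real key.
_blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(200))
SAMPLE_KEY = "ssh-dss " + base64.b64encode(_blob).decode() + " foo@host"

if __name__ == "__main__":
    print(format_ilo_key(SAMPLE_KEY, "foo", width=80))
```

Pass `width=68` to reproduce the line length the last reply reports.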